Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
NL Hybrid.exe

Overview

General Information

Sample name:NL Hybrid.exe
Analysis ID:1582853
MD5:9758f9f6962c1b2244ac185c6fb4482f
SHA1:ac2281ca5f67e2045eb0688ff5b720a77269cffc
SHA256:8638581592e1368094aee96942006f6ed6161f58ed18b3492450c7c21dea133d
Tags:exeuser-JaffaCakes118
Infos:

Detection

Titanium Proxy, PureLog Stealer
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected PureLog Stealer
.NET source code contains potential unpacker
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Yara detected Costura Assembly Loader
Yara detected Titanium Proxy
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w10x64
  • NL Hybrid.exe (PID: 5672 cmdline: "C:\Users\user\Desktop\NL Hybrid.exe" MD5: 9758F9F6962C1B2244AC185C6FB4482F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
NL Hybrid.exeMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 E7 88 44 24 2B 88 44 24 2F B0 29 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
    00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
      00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
        00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
          00000000.00000003.1672793617.0000000005D56000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            Click to see the 12 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.NL Hybrid.exe.4a25fd8.9.raw.unpackJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
              0.2.NL Hybrid.exe.4a25fd8.9.unpackJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
                0.2.NL Hybrid.exe.86c0000.17.unpackJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
                  0.2.NL Hybrid.exe.86c0000.17.raw.unpackJoeSecurity_TitaniumProxyYara detected Titanium ProxyJoe Security
                    0.0.NL Hybrid.exe.400000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                    • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                    • 0x700:$s3: 83 EC 38 53 B0 E7 88 44 24 2B 88 44 24 2F B0 29 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                    • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                    • 0x1e9d0:$s5: delete[]
                    • 0x1de88:$s6: constructor or from DllMain.
                    Click to see the 25 entries

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    No Suricata rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Multi AV Scanner detection for submitted file
                    Source: NL Hybrid.exeReversingLabs: Detection: 48%
                    Source: NL Hybrid.exeVirustotal: Detection: 62%Perma Link
                    Machine Learning detection for sample
                    Source: NL Hybrid.exeJoe Sandbox ML: detected
                    Source: NL Hybrid.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.21.24.64:443 -> 192.168.2.4:49730 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 104.21.24.64:443 -> 192.168.2.4:49733 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 104.21.24.64:443 -> 192.168.2.4:49734 version: TLS 1.0
                    Source: Binary string: D:\a\titanium-web-proxy\titanium-web-proxy\src\Titanium.Web.Proxy\obj\Debug\net461\Titanium.Web.Proxy.pdbSHA256H source: NL Hybrid.exe, 00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdb source: NL Hybrid.exe, 00000000.00000002.2738020279.0000000007710000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.costura.dll.compressedcostura.costura.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: NL Hybrid.exe, 00000000.00000002.2739226077.0000000008930000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.dotnetzip.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\titanium-web-proxy\titanium-web-proxy\src\Titanium.Web.Proxy\obj\Debug\net461\Titanium.Web.Proxy.pdb source: NL Hybrid.exe, 00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $^q1costura.telerik.networkconnections.pdb.compressedlB^q source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $^q,costura.communitytoolkit.mvvm.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $^q costura.dotnetzip.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: NL Hybrid.exe, 00000000.00000002.2734291147.00000000028E0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256OE source: NL Hybrid.exe, 00000000.00000002.2734291147.00000000028E0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdbSHA256# source: NL Hybrid.exe, 00000000.00000002.2738020279.0000000007710000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: NL Hybrid.exe, 00000000.00000002.2738087250.0000000007840000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: microsoft.extensions.dependencyinjection.abstractions costura.microsoft.extensions.dependencyinjection.abstractions.dll.compressed!microsoft.extensions.dependencyinjection"costura.microsoft.extensions.dependencyinjection.dll.compressed#microsoft.extensions.diagnostics.abstractions$costura.microsoft.extensions.diagnostics.abstractions.dll.compressed%microsoft.extensions.diagnostics&costura.microsoft.extensions.diagnostics.dll.compressed'microsoft.extensions.fileproviders.abstractions(costura.microsoft.extensions.fileproviders.abstractions.dll.compressed)microsoft.extensions.fileproviders.physical*costura.microsoft.extensions.fileproviders.physical.dll.compressed+microsoft.extensions.filesystemglobbing,costura.microsoft.extensions.filesystemglobbing.dll.compressed-microsoft.extensions.hosting.abstractions.costura.microsoft.extensions.hosting.abstractions.dll.compressed/microsoft.extensions.hosting0costura.microsoft.extensions.hosting.dll.compressed1microsoft.extensions.logging.abstractions2costura.microsoft.extensions.logging.abstractions.dll.compressed3microsoft.extensions.logging.configuration4costura.microsoft.extensions.logging.configuration.dll.compressed5microsoft.extensions.logging.console6costura.microsoft.extensions.logging.console.dll.compressed7microsoft.extensions.logging.debug8costura.microsoft.extensions.logging.debug.dll.compressed9microsoft.extensions.logging:costura.microsoft.extensions.logging.dll.compressed;microsoft.extensions.logging.eventlog<costura.microsoft.extensions.logging.eventlog.dll.compressed=microsoft.extensions.logging.eventsource>costura.microsoft.extensions.logging.eventsource.dll.compressed?microsoft.extensions.options.configurationextensions@costura.microsoft.extensions.options.configurationextensions.dll.compressedAmicrosoft.extensions.optionsBcostura.microsoft.extensions.options.dll.compressedCmicrosoft.extensions.primitivesDcostura.microsoft.extensions.primitives.dll.compressedEmicrosoft.win32.registryFcostura.microsoft.win32.registry.dll.compressedGnewtonsoft.jsonHcostura.newtonsoft.json.dll.compressedIrestsharpJcostura.restsharp.dll.compressedKsystem.buffersLcostura.system.buffers.dll.compressedMsystem.componentmodel.annotationsNcostura.system.componentmodel.annotations.dll.compressedOsystem.diagnostics.diagnosticsourcePcostura.system.diagnostics.diagnosticsource.dll.compressedQsystem.io.pipelinesRcostura.system.io.pipelines.dll.compressedSsystem.memoryTcostura.system.memory.dll.compressedUsystem.numerics.vectorsVcostura.system.numerics.vectors.dll.compressedWsystem.runtime.compilerservices.unsafeXcostura.system.runtime.compilerservices.unsafe.dll.compressedYsystem.security.accesscontrolZcostura.system.security.accesscontrol.dll.compressed[system.security.principal.windows\costura.system.security.principal.windows.dll.compressed]system.text.encodings.web^costura.system.text.encodings.web.dll.compressed_system.text.json`costura.system.text.json.dll.compressedasystem.threading.tasks.extensionsbcostura.system.
                    Source: Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: NL Hybrid.exe, 00000000.00000002.2738066835.0000000007830000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: NL Hybrid.exe, 00000000.00000002.2738066835.0000000007830000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.communitytoolkit.mvvm.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp

                    Networking

                    barindex
                    Performs DNS queries to domains with low reputation
                    Source: DNS query: nlhybrid.xyz
                    Yara detected Titanium Proxy
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.4a25fd8.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.4a25fd8.9.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.86c0000.17.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.86c0000.17.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NL Hybrid.exe PID: 5672, type: MEMORYSTR
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                    Source: global trafficHTTP traffic detected: GET /app3/download/fn.png HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: nlhybrid.xyzConnection: Keep-Alive
                    Source: unknownHTTPS traffic detected: 104.21.24.64:443 -> 192.168.2.4:49730 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 104.21.24.64:443 -> 192.168.2.4:49733 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 104.21.24.64:443 -> 192.168.2.4:49734 version: TLS 1.0
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /app3/download/fn.png HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: nlhybrid.xyzConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: nlhybrid.xyz
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/NL%20Hybrid;component/views/pages/dashboardpage.xamld
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003E1D000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.00000000040B9000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Wpf.Ui;component/Resources/Fonts/fluentsystemicons-regular.ttfd
                    Source: NL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1754574936.0000000009453000.00000004.00000020.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1755337806.0000000009453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fontello.com
                    Source: NL Hybrid.exe, 00000000.00000003.1736201498.0000000007ACE000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008C3D000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontello.comFluentSystemIcons-FilledRegularFluentSystemIcons-FilledFluentSystemIcons-FilledVe
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.00000000040B9000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008C3D000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://fontello.comFluentSystemIcons-RegularRegularFluentSystemIcons-RegularFluentSystemIcons-Regula
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/views/pages/dashboardpage.baml
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/views/pages/dashboardpage.bamld
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/views/pages/dashboardpage.xaml
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                    Source: NL Hybrid.exe, 00000000.00000003.1736201498.0000000007ACE000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008B40000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1736201498.00000000079D2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003D24000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.lepo.co/wpfui/2022/xaml
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account-public-service-prod.ol.epicgames.com/account/api/oauth/exchange
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account-public-service-prod.ol.epicgames.com/account/api/oauth/tokenFgrant_type=device_code&
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account-public-service-prod.ol.epicgames.com/account/api/public/account/
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account-public-service-prod03.ol.epicgames.com/account/api/oauth/deviceAuthorization
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account-public-service-prod03.ol.epicgames.com/account/api/oauth/token:grant_type=client_cre
                    Source: NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://aka.ms/toolkit/dotnet
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bstlar.com/Hb/nlproxykeyw/NL
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bstlar.com/keys/validate/
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fortnite-api.com/v2/cosmetics/br/search?
                    Source: NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/CommunityToolkit/dotnet
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                    Source: NL Hybrid.exe, 00000000.00000002.2739226077.0000000008930000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
                    Source: NL Hybrid.exe, 00000000.00000002.2738087250.0000000007840000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
                    Source: NL Hybrid.exe, 00000000.00000002.2738087250.0000000007840000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
                    Source: NL Hybrid.exe, 00000000.00000002.2738066835.0000000007830000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2734291147.00000000028E0000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738020279.0000000007710000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime
                    Source: NL Hybrid.exe, 00000000.00000003.1736201498.0000000007ACE000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008B40000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1736201498.00000000079D2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lepoco/wpfui
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app1
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app1/download/OGmdnsNSP.dllZhttps://nlhybrid.xyz/app3/download/NLUtil.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app1/download/currentversion.json
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app1vhttps://nlhybrid.xyz/app1/download/currentversion.json
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app2/login?username=
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/RealSplashScreen.png?raw=true
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/SplashScreen.png
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003F66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/disco
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003F66000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003D24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/discord.png
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/discord.pngj/NL
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/f
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.00000000040B9000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003D24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/fn.png
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/app3/download/mdnsNSP.dll
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/locker/add/
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/locker/clear/test/
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/locker/remove/
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/locker/reset/test/NSuccessfully
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyz/stats/
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003F66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyzD
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nlhybrid.xyzvSoftware
                    Source: NL Hybrid.exe, 00000000.00000002.2738229369.00000000078D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/CommunityToolkit/dotnet/5320d4f621e145c60ef4180ea66fe57f12f0f58a/
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.discord.gg/namelessctX/C
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: NL Hybrid.exe, type: SAMPLEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.0.NL Hybrid.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.NL Hybrid.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00408C600_2_00408C60
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0040DC110_2_0040DC11
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00407C3F0_2_00407C3F
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00418CCC0_2_00418CCC
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00406CA00_2_00406CA0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004028B00_2_004028B0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0041A4BE0_2_0041A4BE
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00408C600_2_00408C60
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004182440_2_00418244
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004016500_2_00401650
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00402F200_2_00402F20
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004193C40_2_004193C4
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004187880_2_00418788
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00402F890_2_00402F89
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00402B900_2_00402B90
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004073A00_2_004073A0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_029050F80_2_029050F8
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_029051080_2_02905108
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_076F6D200_2_076F6D20
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_076F6D100_2_076F6D10
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_077319080_2_07731908
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_077300F10_2_077300F1
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_077318FB0_2_077318FB
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_078CDDC70_2_078CDDC7
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_078CDDD80_2_078CDDD8
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_083A87DF0_2_083A87DF
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: String function: 0040E1D8 appears 43 times
                    Source: NL Hybrid.exe, 00000000.00000003.1736201498.0000000007ACE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWpf.Ui.dll. vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2738066835.0000000007830000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Bcl.AsyncInterfaces.dll@ vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000003.1672590900.0000000000BC2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000003.1672459297.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2734291147.00000000028E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.Abstractions.dll@ vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2738087250.0000000007840000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Threading.Tasks.Extensions.dllT vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTitanium.Web.Proxy.dllF vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2739226077.0000000008930000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Memory.dllT vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Memory.dllT vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTitanium.Web.Proxy.dllF vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTitanium.Web.Proxy.dllF vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000003.1735555890.00000000050DD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWpf.Ui.dll. vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2738020279.0000000007710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.dll@ vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTitanium.Web.Proxy.dllF vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Memory.dllT vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Memory.dllT vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2739357964.0000000008C3D000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWpf.Ui.dll. vs NL Hybrid.exe
                    Source: NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCommunityToolkit.Mvvm.dllN vs NL Hybrid.exe
                    Source: NL Hybrid.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: NL Hybrid.exe, type: SAMPLEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.0.NL Hybrid.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.NL Hybrid.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.NL Hybrid.exe.86c0000.17.raw.unpack, TcpConnectionFactory.csTask registration methods: 'CreateTask'
                    Source: 0.2.NL Hybrid.exe.4a25fd8.9.raw.unpack, TcpConnectionFactory.csTask registration methods: 'CreateTask'
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSourceExtensions.csSuspicious method names: .DependencyInjectionEventSourceExtensions.ExpressionTreeGenerated
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.ExpressionTreeGenerated
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.ServiceRealizationFailed
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.ScopeDisposed
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.DynamicMethodBuilt
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.ServiceProviderDescriptors
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.WriteServiceProviderBuilt
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.ServiceResolved
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.ServiceProviderBuilt
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.OnEventCommand
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.CallSiteBuilt
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.ServiceProviderDisposed
                    Source: 0.2.NL Hybrid.exe.7710000.13.raw.unpack, DependencyInjectionEventSource.csSuspicious method names: .DependencyInjectionEventSource.AppendServiceDescriptor
                    Source: classification engineClassification label: mal84.troj.evad.winEXE@1/2@1/1
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF756B.tmpJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeMutant created: NULL
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCommand line argument: 08A0_2_00413780
                    Source: NL Hybrid.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\NL Hybrid.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: NL Hybrid.exeReversingLabs: Detection: 48%
                    Source: NL Hybrid.exeVirustotal: Detection: 62%
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: d3d9.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dataexchange.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: d3d11.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dcomp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: resourcepolicyclient.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: dxcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: msctfui.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: uiautomationcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: d3dcompiler_47.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\NL Hybrid.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: NL Hybrid.exeStatic file information: File size 6482432 > 1048576
                    Source: NL Hybrid.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x60ca00
                    Source: NL Hybrid.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: D:\a\titanium-web-proxy\titanium-web-proxy\src\Titanium.Web.Proxy\obj\Debug\net461\Titanium.Web.Proxy.pdbSHA256H source: NL Hybrid.exe, 00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdb source: NL Hybrid.exe, 00000000.00000002.2738020279.0000000007710000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.costura.dll.compressedcostura.costura.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: NL Hybrid.exe, 00000000.00000002.2739226077.0000000008930000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.dotnetzip.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\titanium-web-proxy\titanium-web-proxy\src\Titanium.Web.Proxy\obj\Debug\net461\Titanium.Web.Proxy.pdb source: NL Hybrid.exe, 00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: NL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $^q1costura.telerik.networkconnections.pdb.compressedlB^q source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $^q,costura.communitytoolkit.mvvm.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $^q costura.dotnetzip.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: NL Hybrid.exe, 00000000.00000002.2734291147.00000000028E0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256OE source: NL Hybrid.exe, 00000000.00000002.2734291147.00000000028E0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdbSHA256# source: NL Hybrid.exe, 00000000.00000002.2738020279.0000000007710000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: NL Hybrid.exe, 00000000.00000002.2738087250.0000000007840000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: microsoft.extensions.dependencyinjection.abstractions costura.microsoft.extensions.dependencyinjection.abstractions.dll.compressed!microsoft.extensions.dependencyinjection"costura.microsoft.extensions.dependencyinjection.dll.compressed#microsoft.extensions.diagnostics.abstractions$costura.microsoft.extensions.diagnostics.abstractions.dll.compressed%microsoft.extensions.diagnostics&costura.microsoft.extensions.diagnostics.dll.compressed'microsoft.extensions.fileproviders.abstractions(costura.microsoft.extensions.fileproviders.abstractions.dll.compressed)microsoft.extensions.fileproviders.physical*costura.microsoft.extensions.fileproviders.physical.dll.compressed+microsoft.extensions.filesystemglobbing,costura.microsoft.extensions.filesystemglobbing.dll.compressed-microsoft.extensions.hosting.abstractions.costura.microsoft.extensions.hosting.abstractions.dll.compressed/microsoft.extensions.hosting0costura.microsoft.extensions.hosting.dll.compressed1microsoft.extensions.logging.abstractions2costura.microsoft.extensions.logging.abstractions.dll.compressed3microsoft.extensions.logging.configuration4costura.microsoft.extensions.logging.configuration.dll.compressed5microsoft.extensions.logging.console6costura.microsoft.extensions.logging.console.dll.compressed7microsoft.extensions.logging.debug8costura.microsoft.extensions.logging.debug.dll.compressed9microsoft.extensions.logging:costura.microsoft.extensions.logging.dll.compressed;microsoft.extensions.logging.eventlog<costura.microsoft.extensions.logging.eventlog.dll.compressed=microsoft.extensions.logging.eventsource>costura.microsoft.extensions.logging.eventsource.dll.compressed?microsoft.extensions.options.configurationextensions@costura.microsoft.extensions.options.configurationextensions.dll.compressedAmicrosoft.extensions.optionsBcostura.microsoft.extensions.options.dll.compressedCmicrosoft.extensions.primitivesDcostura.microsoft.extensions.primitives.dll.compressedEmicrosoft.win32.registryFcostura.microsoft.win32.registry.dll.compressedGnewtonsoft.jsonHcostura.newtonsoft.json.dll.compressedIrestsharpJcostura.restsharp.dll.compressedKsystem.buffersLcostura.system.buffers.dll.compressedMsystem.componentmodel.annotationsNcostura.system.componentmodel.annotations.dll.compressedOsystem.diagnostics.diagnosticsourcePcostura.system.diagnostics.diagnosticsource.dll.compressedQsystem.io.pipelinesRcostura.system.io.pipelines.dll.compressedSsystem.memoryTcostura.system.memory.dll.compressedUsystem.numerics.vectorsVcostura.system.numerics.vectors.dll.compressedWsystem.runtime.compilerservices.unsafeXcostura.system.runtime.compilerservices.unsafe.dll.compressedYsystem.security.accesscontrolZcostura.system.security.accesscontrol.dll.compressed[system.security.principal.windows\costura.system.security.principal.windows.dll.compressed]system.text.encodings.web^costura.system.text.encodings.web.dll.compressed_system.text.json`costura.system.text.json.dll.compressedasystem.threading.tasks.extensionsbcostura.system.
                    Source: Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: NL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: NL Hybrid.exe, 00000000.00000002.2738066835.0000000007830000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: NL Hybrid.exe, 00000000.00000002.2738066835.0000000007830000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.communitytoolkit.mvvm.pdb.compressed source: NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 0.2.NL Hybrid.exe.86c0000.17.raw.unpack, WinCertificateMaker.cs.Net Code: MakeCertificate
                    Source: 0.2.NL Hybrid.exe.4a25fd8.9.raw.unpack, WinCertificateMaker.cs.Net Code: MakeCertificate
                    Source: 0.2.NL Hybrid.exe.9550000.20.raw.unpack, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
                    Source: 0.2.NL Hybrid.exe.9550000.20.raw.unpack, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.5d56f28.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.4f81f90.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.3014f36.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.3014f36.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.4f81f90.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0000.11.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0f08.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.5d56f28.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.6c20000.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.6c20000.12.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0f08.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0000.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.1672793617.0000000005D56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2734701441.0000000003014000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2737516864.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2737121958.00000000064C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000003.1682595717.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NL Hybrid.exe PID: 5672, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                    Source: NL Hybrid.exeStatic PE information: real checksum: 0x23bfb should be: 0x63655d
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0040E21D push ecx; ret 0_2_0040E230
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0040BB97 push dword ptr [ecx-75h]; iretd 0_2_0040BBA3
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_076F50AA push 8B049258h; iretd 0_2_076F50AF
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_076F5A62 push ds; retf 0003h0_2_076F5A6F
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_07737659 push esp; retf 0_2_07737664
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_083A3245 push 0000005Eh; iretd 0_2_083A32EE
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_095478FD push ebx; iretd 0_2_0954790A
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeMemory allocated: 2860000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeMemory allocated: 3920000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeMemory allocated: 2860000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeMemory allocated: 79D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeMemory allocated: 89D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeWindow / User API: threadDelayed 446Jump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-59494
                    Source: C:\Users\user\Desktop\NL Hybrid.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-59535
                    Source: C:\Users\user\Desktop\NL Hybrid.exe TID: 3848Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exe TID: 3848Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exe TID: 6692Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exe TID: 4280Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: NL Hybrid.exe, 00000000.00000003.1744125442.000000000796E000.00000004.00000020.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1785379436.000000000796E000.00000004.00000020.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738385812.000000000796E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
                    Source: C:\Users\user\Desktop\NL Hybrid.exeAPI call chain: ExitProcess graph end nodegraph_0-59496
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_078C2400 LdrInitializeThunk,0_2_078C2400
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0040ADB0 GetProcessHeap,HeapFree,0_2_0040ADB0
                    Source: C:\Users\user\Desktop\NL Hybrid.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040E61C
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00416F6A
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_004123F1 SetUnhandledExceptionFilter,0_2_004123F1
                    Source: C:\Users\user\Desktop\NL Hybrid.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: GetLocaleInfoA,0_2_00417A20
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF756B.tmp VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NL Hybrid.exeCode function: 0_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00412A15
                    Source: C:\Users\user\Desktop\NL Hybrid.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.5d56f28.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.4f81f90.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.3014f36.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.3014f36.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.4f81f90.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0000.11.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0f08.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.5d56f28.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.6c20000.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.6c20000.12.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0f08.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0000.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.1672793617.0000000005D56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2734701441.0000000003014000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2737516864.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2737121958.00000000064C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000003.1682595717.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.5d56f28.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.4f81f90.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.3014f36.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.3014f36.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.4f81f90.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0000.11.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0f08.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.NL Hybrid.exe.5d56f28.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.6c20000.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.6c20000.12.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0f08.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NL Hybrid.exe.64c0000.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.1672793617.0000000005D56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2734701441.0000000003014000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2737516864.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2737121958.00000000064C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000003.1682595717.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                    Command and Scripting Interpreter                    		1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		1
                    Masquerading                    		OS Credential Dumping1
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		11
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		LSASS Memory31
                    Security Software Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Ingress Tool Transfer                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts2
                    Native API                    		Logon Script (Windows)Logon Script (Windows)31
                    Virtualization/Sandbox Evasion                    		Security Account Manager31
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Deobfuscate/Decode Files or Information                    		NTDS2
                    Process Discovery                    		Distributed Component Object ModelInput Capture13
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                    Obfuscated Files or Information                    		LSA Secrets1
                    Application Window Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Software Packing                    		Cached Domain Credentials23
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    NL Hybrid.exe49%ReversingLabsWin32.Infostealer.Tinba
                    NL Hybrid.exe62%VirustotalBrowse
                    NL Hybrid.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://foo/bar/views/pages/dashboardpage.bamld0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/disco0%Avira URL Cloudsafe
                    https://nlhybrid.xyzD0%Avira URL Cloudsafe
                    http://fontello.comFluentSystemIcons-RegularRegularFluentSystemIcons-RegularFluentSystemIcons-Regula0%Avira URL Cloudsafe
                    https://www.discord.gg/namelessctX/C0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app1/download/OGmdnsNSP.dllZhttps://nlhybrid.xyz/app3/download/NLUtil.exe0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/stats/0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app1/download/currentversion.json0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app2/login?username=0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/SplashScreen.png0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/f0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/RealSplashScreen.png?raw=true0%Avira URL Cloudsafe
                    https://fortnite-api.com/v2/cosmetics/br/search?0%Avira URL Cloudsafe
                    http://defaultcontainer/NL%20Hybrid;component/views/pages/dashboardpage.xamld0%Avira URL Cloudsafe
                    http://defaultcontainer/Wpf.Ui;component/Resources/Fonts/fluentsystemicons-regular.ttfd0%Avira URL Cloudsafe
                    http://foo/bar/views/pages/dashboardpage.baml0%Avira URL Cloudsafe
                    http://schemas.lepo.co/wpfui/2022/xaml0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/discord.png0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/locker/clear/test/0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app10%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/fn.png0%Avira URL Cloudsafe
                    http://fontello.comFluentSystemIcons-FilledRegularFluentSystemIcons-FilledFluentSystemIcons-FilledVe0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/locker/reset/test/NSuccessfully0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app1vhttps://nlhybrid.xyz/app1/download/currentversion.json0%Avira URL Cloudsafe
                    https://nlhybrid.xyzvSoftware0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/mdnsNSP.dll0%Avira URL Cloudsafe
                    https://nlhybrid.xyz0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/locker/remove/0%Avira URL Cloudsafe
                    http://foo/views/pages/dashboardpage.xaml0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/locker/add/0%Avira URL Cloudsafe
                    https://nlhybrid.xyz/app3/download/discord.pngj/NL0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    nlhybrid.xyz
                    		104.21.24.64
                    		truetrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://nlhybrid.xyz/app3/download/fn.pngfalse
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://account-public-service-prod.ol.epicgames.com/account/api/public/account/NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8NL Hybrid.exe, 00000000.00000002.2738087250.0000000007840000.00000004.08000000.00040000.00000000.sdmpfalse
                          		high
                          https://aka.ms/toolkit/dotnetNL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpfalse
                            		high
                            https://nlhybrid.xyz/app3/download/discoNL Hybrid.exe, 00000000.00000002.2735477238.0000000003F66000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://fontello.comFluentSystemIcons-RegularRegularFluentSystemIcons-RegularFluentSystemIcons-RegulaNL Hybrid.exe, 00000000.00000002.2735477238.00000000040B9000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008C3D000.00000004.08000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://foo/bar/views/pages/dashboardpage.bamldNL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.newtonsoft.com/jsonNL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://account-public-service-prod.ol.epicgames.com/account/api/oauth/tokenFgrant_type=device_code&NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://nlhybrid.xyzDNL Hybrid.exe, 00000000.00000002.2735477238.0000000003F66000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://nlhybrid.xyz/stats/NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://nlhybrid.xyz/app2/login?username=NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://nlhybrid.xyz/app1/download/currentversion.jsonNL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.discord.gg/namelessctX/CNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://github.com/dotnet/runtimeNL Hybrid.exe, 00000000.00000002.2738066835.0000000007830000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2734291147.00000000028E0000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2738020279.0000000007710000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://github.com/lepoco/wpfuiNL Hybrid.exe, 00000000.00000003.1736201498.0000000007ACE000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008B40000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1736201498.00000000079D2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://raw.githubusercontent.com/CommunityToolkit/dotnet/5320d4f621e145c60ef4180ea66fe57f12f0f58a/NL Hybrid.exe, 00000000.00000002.2738229369.00000000078D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://nlhybrid.xyz/app1/download/OGmdnsNSP.dllZhttps://nlhybrid.xyz/app3/download/NLUtil.exeNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://nlhybrid.xyz/app3/download/SplashScreen.pngNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://nlhybrid.xyz/app3/download/fNL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://nlhybrid.xyz/app3/download/RealSplashScreen.png?raw=trueNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://defaultcontainer/NL%20Hybrid;component/views/pages/dashboardpage.xamldNL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://account-public-service-prod.ol.epicgames.com/account/api/oauth/exchangeNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://nlhybrid.xyz/app1NL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameNL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://fortnite-api.com/v2/cosmetics/br/search?NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://github.com/JamesNK/Newtonsoft.JsonNL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://defaultcontainer/Wpf.Ui;component/Resources/Fonts/fluentsystemicons-regular.ttfdNL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003E1D000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.00000000040B9000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EB3000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958NL Hybrid.exe, 00000000.00000002.2739226077.0000000008930000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000004015000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004925000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.lepo.co/wpfui/2022/xamlNL Hybrid.exe, 00000000.00000003.1736201498.0000000007ACE000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008B40000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1736201498.00000000079D2000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003D24000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://github.com/CommunityToolkit/dotnetNL Hybrid.exe, 00000000.00000002.2738108174.0000000007850000.00000004.08000000.00040000.00000000.sdmpfalse
                                                  		high
                                                  https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4fNL Hybrid.exe, 00000000.00000002.2738087250.0000000007840000.00000004.08000000.00040000.00000000.sdmpfalse
                                                    		high
                                                    http://fontello.comNL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1754574936.0000000009453000.00000004.00000020.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1755337806.0000000009453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://nlhybrid.xyz/app3/download/discord.pngNL Hybrid.exe, 00000000.00000002.2735477238.0000000003F66000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2735477238.0000000003D24000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://foo/bar/views/pages/dashboardpage.bamlNL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://bstlar.com/Hb/nlproxykeyw/NLNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://nlhybrid.xyz/locker/clear/test/NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://fontello.comFluentSystemIcons-FilledRegularFluentSystemIcons-FilledFluentSystemIcons-FilledVeNL Hybrid.exe, 00000000.00000003.1736201498.0000000007ACE000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2739357964.0000000008C3D000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000003.1735555890.0000000004DFC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://nlhybrid.xyz/app3/download/mdnsNSP.dllNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://james.newtonking.com/projects/jsonNL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://nlhybrid.xyz/locker/reset/test/NSuccessfullyNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://nlhybrid.xyz/app1vhttps://nlhybrid.xyz/app1/download/currentversion.jsonNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://nlhybrid.xyzvSoftwareNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://nlhybrid.xyz/locker/remove/NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://nlhybrid.xyzNL Hybrid.exe, 00000000.00000002.2735477238.0000000003B29000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://nlhybrid.xyz/locker/add/NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.newtonsoft.com/jsonschemaNL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://foo/views/pages/dashboardpage.xamlNL Hybrid.exe, 00000000.00000002.2735477238.0000000003EF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.nuget.org/packages/Newtonsoft.Json.BsonNL Hybrid.exe, 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2740147398.0000000009550000.00000004.08000000.00040000.00000000.sdmp, NL Hybrid.exe, 00000000.00000002.2736469369.0000000004C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://account-public-service-prod03.ol.epicgames.com/account/api/oauth/deviceAuthorizationNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://nlhybrid.xyz/app3/download/discord.pngj/NLNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://bstlar.com/keys/validate/NL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://account-public-service-prod03.ol.epicgames.com/account/api/oauth/token:grant_type=client_creNL Hybrid.exe, 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high

                                                                    World Map of Contacted IPs

                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs

                                                                    Public IPs

                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                    104.21.24.64
                                                                    		nlhybrid.xyzUnited States
                                                                    		13335CLOUDFLARENETUStrue

                                                                    General Information

                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                    Analysis ID:1582853
                                                                    Start date and time:2024-12-31 17:06:43 +01:00
                                                                    Joe Sandbox product:CloudBasic
                                                                    Overall analysis duration:0h 8m 10s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                    Run name:Run with higher sleep bypass
                                                                    Number of analysed new started processes analysed:6
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:0
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample name:NL Hybrid.exe
                                                                    Detection:MAL
                                                                    Classification:mal84.troj.evad.winEXE@1/2@1/1
                                                                    EGA Information:
                                                                    • Successful, ratio: 100%
                                                                    HCA Information:
                                                                    • Successful, ratio: 91%
                                                                    • Number of executed functions: 230
                                                                    • Number of non-executed functions: 37
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .exe
                                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                    • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                    Warnings

                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                    • Excluded IPs from analysis (whitelisted): 184.28.90.27, 172.202.163.200, 52.149.20.212, 13.107.246.45
                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                    Simulations

                                                                    Behavior and APIs

                                                                    No simulations

                                                                    Joe Sandbox View / Context

                                                                    IPs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    104.21.24.64http://halffreesk.liveGet hashmaliciousUnknownBrowse

                                                                      Domains

                                                                      No context

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      CLOUDFLARENETUSover.ps1Get hashmaliciousVidarBrowse
                                                                      • 172.64.41.3
                                                                      http://trezorbridge.org/Get hashmaliciousUnknownBrowse
                                                                      • 104.16.79.73
                                                                      http://knoxoms.comGet hashmaliciousUnknownBrowse
                                                                      • 188.114.97.3
                                                                      EdYEXasNiR.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                      • 188.114.96.3
                                                                      SMmAznmdAa.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.21.48.1
                                                                      DypA6KbLrn.lnkGet hashmaliciousUnknownBrowse
                                                                      • 104.21.87.65
                                                                      IOnqEVA4Dz.lnkGet hashmaliciousUnknownBrowse
                                                                      • 172.67.129.82
                                                                      HngJMpDqxP.lnkGet hashmaliciousUnknownBrowse
                                                                      • 188.114.97.3
                                                                      https://br.custmercompa.de/Get hashmaliciousUnknownBrowse
                                                                      • 172.67.139.222

                                                                      JA3 Fingerprints

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      54328bd36c14bd82ddaa0c04b25ed9adfile.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                      • 104.21.24.64
                                                                      PO_2024_056209_MQ04865_ENQ_1045.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                      • 104.21.24.64
                                                                      RtU8kXPnKr.exeGet hashmaliciousQuasarBrowse
                                                                      • 104.21.24.64
                                                                      PO_KB#67897.cmdGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                      • 104.21.24.64
                                                                      Requested Documentation.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                      • 104.21.24.64
                                                                      Dotc67890990.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                      • 104.21.24.64
                                                                      INQUIRY.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                      • 104.21.24.64
                                                                      Technonomic.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                      • 104.21.24.64
                                                                      HALKBANK EKSTRE.exeGet hashmaliciousMassLogger RATBrowse
                                                                      • 104.21.24.64

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NL Hybrid.exe.log

                                                                      Download File
                                                                      Process:C:\Users\user\Desktop\NL Hybrid.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):2898
                                                                      Entropy (8bit):5.353343974040986
                                                                      Encrypted:false
                                                                      SSDEEP:48:MIHK5HKlYHKh3ouHgJHreylHKoAH8EHitHo6hAHKzeSHajHKx1qHGicrEHKtHAHO:Pq5qlYqh3ou0aylqb5CtI6eqzTWqxw1C
                                                                      MD5:A6C7A231110DFAA739DC745D157C9EC2
                                                                      SHA1:626296948C9832FC53AEEAAE643F3CDF54E8507F
                                                                      SHA-256:4D41604F69F79878955A682BDD7F24DE92394D0CDB5BF9F0FA4F817536FC4A03
                                                                      SHA-512:A497C6BDDA1D1C16A730C13557D43BDD5B11A723331BB761433F48A715946F0B86BD96CFB3DE1CBAED5EB6F8409F5C0233947526A7742175A2A3E44DFC0548D9
                                                                      Malicious:true
                                                                      Reputation:low
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"System.Xaml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b7

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF756B.tmp

                                                                      Download File
                                                                      Process:C:\Users\user\Desktop\NL Hybrid.exe
                                                                      File Type:PNG image data, 308 x 410, 8-bit/color RGBA, non-interlaced
                                                                      Category:dropped
                                                                      Size (bytes):175692
                                                                      Entropy (8bit):7.995265342657706
                                                                      Encrypted:true
                                                                      SSDEEP:3072:6RAONU05yBXKjqXYse0myyJo8wWQo8g7ohjh/MoGlHtjAT77LeTpl:6RlMXKjqXY73o/HogPM5JFAuTX
                                                                      MD5:8B2B1650095E3EE6724C94FB4184FC65
                                                                      SHA1:75BFDFE46262ED43EEB30109B53A7EE8E93DFB41
                                                                      SHA-256:9FDFBE3771FA905DB9E726F4F46A14B6B21363BD2341EF5EC67361F7E3E54530
                                                                      SHA-512:4FAF2E4219483C7B82188BCCF5D79B37F6381BEBCD696C0B901D756CEA923AC55FEC0FE770469A10566A0E28E54BFAE27A20036DB8D7EF69A2CBCDAAA0C5ED6F
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:.PNG........IHDR...4............... .IDATx....%.Y&.E..w.^....].l.....`.3..;.. .3.0...,.3.5....2...$....4H....k..Uwuu.w......=.........{U.]].............._x.~.......}..M....^.....".}.v..?......W....+.b........^.>.c!....,u.z.}..zA.37rB.i;<..D.._tej..n..1..dD..B.g...1.7..t:.^..wzo.@^......k.9S...V.0..{.....wjC...{.HE.J...AMir'.%B......Jg.<.F....d}...W;..J=..:`..Bv........u.[.....$..*.....2...}.h\....`....m.FlL^....I-....+...F..%.}R...(.l"..+1.S....L.6...,........E..nQ...nn.X....V..Ld....m.M..R...".......n68.C..>Bu.}.....bx......._iF..t.^%diI..`..T..<........,&._[q.M..6.d......h#.....~..6.M..UEV...f...6.W..fh.x2...^..@..X...;a.^.......H4.{.z..W.f....v.O.F.....X9./}....q.........%..n}0....A.c.uj.....'.~...-;>.....k..(...5..H.o...Dy..8.0...E].y#h7...<...m.&..O.y.H.........ZgF..g..i.V...+...0..h.KT.......K@b.....a...0..T.v._.Z......./.8.....|..?...."n4./Ap....}.....'z..W!...........^....;......a..{]/...K.....nl_..I.F..C.....x..g.5D..

                                                                      Static File Info

                                                                      General

                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):7.997692654622295
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:NL Hybrid.exe
                                                                      File size:6'482'432 bytes
                                                                      MD5:9758f9f6962c1b2244ac185c6fb4482f
                                                                      SHA1:ac2281ca5f67e2045eb0688ff5b720a77269cffc
                                                                      SHA256:8638581592e1368094aee96942006f6ed6161f58ed18b3492450c7c21dea133d
                                                                      SHA512:d31714fcd91c13f5f1ae78cadf5fa205538bcdbe1e2549a1a2310433cc3a36ac34855cf16eef00e153c7ec565666bd77ff29b3dce75e97cb229387df93af0618
                                                                      SSDEEP:196608:XmTCV2GK0Nu92FRI0C93iZPPBg/tOrQBg4:J2GH8nt3/iQB3
                                                                      TLSH:3566331631A39BF7EA700CF611C4CBB91CF63CA50F7A9757AADD21A81F2005676B29C1
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~.................;......PE..L...t..P..........#........

                                                                      File Icon

                                                                      Icon Hash:b23969ccd47069b2

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint:0x40cd2f
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x5000A574 [Fri Jul 13 22:47:16 2012 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:5
                                                                      OS Version Minor:0
                                                                      File Version Major:5
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:5
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:bf5a4aa99e5b160f8521cadd6bfe73b8

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      call 00007F8914816436h
                                                                      jmp 00007F89148105F9h
                                                                      mov edi, edi
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      sub esp, 20h
                                                                      mov eax, dword ptr [ebp+08h]
                                                                      push esi
                                                                      push edi
                                                                      push 00000008h
                                                                      pop ecx
                                                                      mov esi, 0041F058h
                                                                      lea edi, dword ptr [ebp-20h]
                                                                      rep movsd
                                                                      mov dword ptr [ebp-08h], eax
                                                                      mov eax, dword ptr [ebp+0Ch]
                                                                      pop edi
                                                                      mov dword ptr [ebp-04h], eax
                                                                      pop esi
                                                                      test eax, eax
                                                                      je 00007F891481075Eh
                                                                      test byte ptr [eax], 00000008h
                                                                      je 00007F8914810759h
                                                                      mov dword ptr [ebp-0Ch], 01994000h
                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                      push eax
                                                                      push dword ptr [ebp-10h]
                                                                      push dword ptr [ebp-1Ch]
                                                                      push dword ptr [ebp-20h]
                                                                      call dword ptr [0041B000h]
                                                                      leave
                                                                      retn 0008h
                                                                      ret
                                                                      mov eax, 00413563h
                                                                      mov dword ptr [004228E4h], eax
                                                                      mov dword ptr [004228E8h], 00412C4Ah
                                                                      mov dword ptr [004228ECh], 00412BFEh
                                                                      mov dword ptr [004228F0h], 00412C37h
                                                                      mov dword ptr [004228F4h], 00412BA0h
                                                                      mov dword ptr [004228F8h], eax
                                                                      mov dword ptr [004228FCh], 004134DBh
                                                                      mov dword ptr [00422900h], 00412BBCh
                                                                      mov dword ptr [00422904h], 00412B1Eh
                                                                      mov dword ptr [00422908h], 00412AABh
                                                                      ret
                                                                      mov edi, edi
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      call 00007F89148106EBh
                                                                      call 00007F8914816F70h
                                                                      cmp dword ptr [ebp+00h], 00000000h

                                                                      Rich Headers

                                                                      Programming Language:
                                                                      • [ASM] VS2008 build 21022
                                                                      • [IMP] VS2005 build 50727
                                                                      • [C++] VS2008 build 21022
                                                                      • [ C ] VS2008 build 21022
                                                                      • [LNK] VS2008 build 21022

                                                                      Data Directories

                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x215b40x50.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x260000x60c978.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x1b1c00x1c.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x20da00x40.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x1b0000x184.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                      Sections

                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                      .text0x10000x197180x198007e0293b3adaf38eb399a7a96a2662023False0.5789483762254902data6.748587638365796IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                      .rdata0x1b0000x6db40x6e005826801f33fc1b607aa8e942aa92e9faFalse0.5467329545454546data6.442956247632331IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                      .data0x220000x30c00x16002fe51a72ede820cd7cf55a77ba59b1f4False0.3126775568181818data3.2625868398009703IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      .rsrc0x260000x60c9780x60ca00b91b567d97c71ad8e52b958fe9467e5eunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                      Resources

                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                      RT_ICON0x261b40xe98Device independent bitmap graphic, 32 x 56 x 32, image size 3584, resolution 3779 x 3779 px/m0.3498394004282655
                                                                      RT_RCDATA0x2704c0x60a841data1.0003108978271484
                                                                      RT_RCDATA0x6318900x20data1.28125
                                                                      RT_GROUP_ICON0x6318b00x14data1.1
                                                                      RT_VERSION0x6318c40x35edata0.425754060324826
                                                                      RT_MANIFEST0x631c240xd53XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.38463793608912344

                                                                      Imports

                                                                      DLLImport
                                                                      KERNEL32.dllRaiseException, GetLastError, MultiByteToWideChar, lstrlenA, InterlockedDecrement, GetProcAddress, LoadLibraryA, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, GetModuleHandleA, Module32Next, CloseHandle, Module32First, CreateToolhelp32Snapshot, GetCurrentProcessId, SetEndOfFile, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, HeapFree, GetProcessHeap, HeapAlloc, GetCommandLineA, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, ReadFile, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, FlushFileBuffers, SetFilePointer, SetHandleCount, GetFileType, GetStartupInfoA, RtlUnwind, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CompareStringA, CompareStringW, SetEnvironmentVariableA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA
                                                                      ole32.dllOleInitialize
                                                                      OLEAUT32.dllSafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayDestroy, SafeArrayCreateVector, VariantClear, VariantInit, SysFreeString, SysAllocString

                                                                      Network Behavior

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 31, 2024 17:07:41.315337896 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.315376997 CET44349730104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:41.315448046 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.384154081 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.384180069 CET44349730104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:41.958873987 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.958924055 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:41.959001064 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.970146894 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.970163107 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:41.983609915 CET49734443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.983709097 CET44349734104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:41.983800888 CET49734443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.984159946 CET49734443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:41.984198093 CET44349734104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.055228949 CET44349730104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.055336952 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.066656113 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.066679001 CET44349730104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.066973925 CET44349730104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.115098953 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.447336912 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.447412968 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.454490900 CET44349734104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.454582930 CET49734443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.561496019 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.561530113 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.561929941 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.576260090 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.598282099 CET49734443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.598316908 CET44349734104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.598890066 CET44349734104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.619337082 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.700638056 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.700752974 CET44349730104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.700891972 CET49730443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.701363087 CET49734443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.701488972 CET44349734104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.701543093 CET49734443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.721939087 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.721986055 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.722018003 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.722047091 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.722069025 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.722080946 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.722095013 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.722095966 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.722131014 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.722680092 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.722726107 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.723176956 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.723226070 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.723234892 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.723412037 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.726618052 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812433004 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812467098 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812495947 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812524080 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812551975 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812593937 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.812609911 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812740088 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812762022 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.812769890 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812799931 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812813044 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.812819958 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.812844038 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.812849045 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813620090 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813654900 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813677073 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.813689947 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813711882 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.813721895 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813764095 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813791990 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813802958 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.813808918 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.813831091 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.814565897 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.814594984 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.814615011 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.814620972 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.814659119 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.814688921 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.814704895 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.814713001 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.814723969 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.880815029 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.880825043 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903346062 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903386116 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903417110 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903449059 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903485060 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903491974 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.903493881 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903532028 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903553963 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.903799057 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903834105 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903841019 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.903847933 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903866053 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.903866053 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903879881 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.903886080 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.903911114 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.904387951 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.904441118 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.904448032 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.904481888 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.904541969 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.904550076 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.905400991 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.905436993 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.905448914 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.905456066 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.905469894 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.905492067 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.905515909 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.905520916 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.905631065 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.906270027 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.906308889 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.906322956 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.906330109 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.906352997 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.906368017 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.906374931 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.906383991 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.906421900 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.907236099 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.907273054 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.907279968 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.907285929 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.907321930 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.990117073 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.993798018 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.993815899 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.993864059 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.993864059 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.993899107 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.993913889 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.993921995 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.993946075 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.994204998 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.994235992 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.994252920 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.994266033 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.994278908 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.994550943 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.994595051 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.994601011 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.994612932 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.994654894 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.994662046 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995059013 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995100975 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995110035 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.995121002 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995147943 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.995187998 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995223999 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995230913 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.995239973 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995270014 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.995287895 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995326042 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.995332003 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.995527029 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.996032953 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.996072054 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.996077061 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.996083021 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.996115923 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.996153116 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.996210098 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.996227026 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.996273994 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:42.996754885 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.996804953 CET44349733104.21.24.64192.168.2.4
                                                                      Dec 31, 2024 17:07:42.997044086 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:43.047549009 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:43.097311020 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:43.106657028 CET49733443192.168.2.4104.21.24.64
                                                                      Dec 31, 2024 17:07:43.106692076 CET44349733104.21.24.64192.168.2.4

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 31, 2024 17:07:41.294410944 CET5592053192.168.2.41.1.1.1
                                                                      Dec 31, 2024 17:07:41.304517031 CET53559201.1.1.1192.168.2.4

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                      Dec 31, 2024 17:07:41.294410944 CET192.168.2.41.1.1.10x2590Standard query (0)nlhybrid.xyzA (IP address)IN (0x0001)false

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                      Dec 31, 2024 17:07:41.304517031 CET1.1.1.1192.168.2.40x2590No error (0)nlhybrid.xyz104.21.24.64A (IP address)IN (0x0001)false
                                                                      Dec 31, 2024 17:07:41.304517031 CET1.1.1.1192.168.2.40x2590No error (0)nlhybrid.xyz172.67.217.81A (IP address)IN (0x0001)false

                                                                      HTTP Request Dependency Graph

                                                                      • nlhybrid.xyz

                                                                      HTTPS Proxied Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      0192.168.2.449733104.21.24.644435672C:\Users\user\Desktop\NL Hybrid.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-31 16:07:42 UTC246OUTGET /app3/download/fn.png HTTP/1.1
                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                      Host: nlhybrid.xyz
                                                                      Connection: Keep-Alive
                                                                      2024-12-31 16:07:42 UTC960INHTTP/1.1 200 OK
                                                                      Date: Tue, 31 Dec 2024 16:07:42 GMT
                                                                      Content-Type: image/png
                                                                      Content-Length: 219821
                                                                      Connection: close
                                                                      Content-Disposition: attachment; filename=fn.png
                                                                      Last-Modified: Fri, 06 Dec 2024 00:16:55 GMT
                                                                      Cache-Control: max-age=14400
                                                                      ETag: "1733444215.0149584-219821-2091977069"
                                                                      CF-Cache-Status: REVALIDATED
                                                                      Accept-Ranges: bytes
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m5WGGp9EOc5nBTJbVamjOjBaWEUw%2FBNX66CFPCwwnoVGUVpza3Y5s3rjkSymeppkSI1nfHNgoxZQWRv1f5igBqCgpUOh4Plje%2FFI3YrygWAD5dmnMGkUYr8Tysoyiuw%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8fab862b6d6842b1-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1573&rtt_var=599&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=860&delivery_rate=1811414&cwnd=211&unsent_bytes=0&cid=27e76752dc199567&ts=283&x=0"
                                                                      2024-12-31 16:07:42 UTC409INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 34 00 00 01 9a 08 06 00 00 00 81 97 bf 01 00 00 20 00 49 44 41 54 78 9c ec bd 07 b4 25 c9 59 26 f8 45 9a eb 9f 77 f5 5e d9 2e d3 d5 5d ed bb 85 6c cb 1b 90 84 e0 60 05 33 c0 b2 3b 87 c3 20 96 33 cc 30 b0 b3 ec 2c cc 9e 33 c3 9c 35 c0 02 cb cc 32 0b 07 e1 24 10 92 06 8d 34 48 8c 0c 92 90 6b b5 da 55 77 75 75 97 77 cf fb eb ef cd cc 88 3d ff 1f 99 f7 e6 cd eb f2 d6 7b 55 dd 5d 5d 7f 9f d7 af de bd 99 91 11 91 11 7f fc e6 fb ff 5f 78 7f 7e 9f c2 b8 c0 a0 a4 94 ea 7d c7 e0 4d ee 2e f5 ea 5e c7 ef 94 df e9 f0 97 22 f2 7d 8c 76 94 ff 3f d5 ef 9a 9e 9d e9 f0 fc 57 08 c5 1e db 2b 89 62 be 87 97 e3 eb ea f7 0a 5e c2 3e f7 63 21 83 92 d8 04 2c 75 0c 7a d4 7d 07 d6 7a 41 a3 33 37 72 42 06 69 3b 3c 84 e8 44 a9
                                                                      Data Ascii: PNGIHDR4 IDATx%Y&Ew^.]l`3; 30,352$4HkUwuuw={U]]_x~}M.^"}v?W+b^>c!,uz}zA37rBi;<D
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: 32 a6 0e 13 7d ab 68 5c b7 e9 e6 d3 ab 60 ed dc 08 9e 6d f1 46 6c 4c 5e e4 11 dd cc 49 2d 97 ec e2 cc 2b a3 e7 d7 46 d0 0f 25 9a 7d 52 a2 eb c4 28 7f 6c 22 e0 a8 d7 2b 31 f5 53 9f c2 c6 80 db 4c ec 36 dd a6 97 8c 2c 96 ce 02 09 ad 97 a8 d2 45 e3 0c 6e 51 bd d8 ed 6e 6e f2 58 12 90 cf bc a2 56 c7 01 4c 64 f1 ae eb d3 fe 6d ba 4d b7 e9 a6 52 ab 84 d6 22 91 f5 11 08 a3 f6 aa 6e 36 38 d5 43 8a 8b 3e 42 75 d3 7d fd af db ae ef a0 85 f6 62 78 9d 9c 03 d1 b6 e2 d8 e1 5f 69 46 ef db 74 9b 5e 25 64 69 49 a6 c3 60 bb f9 54 07 f2 3c 0e c6 14 fb b7 d7 e7 b3 8e 0c 2c 26 dc a2 5f 5b 71 db b8 4d b7 e9 36 bd 64 d4 9d a1 a1 0b f3 1a 68 23 ab ae cd f4 ba 7e d7 e8 36 d3 b9 4d b7 e9 55 45 56 cf c1 de 66 08 b7 e9 36 dd a6 57 10 f5 66 68 af 78 32 00 e5 02 5e b1 fb 40 84 0d 58
                                                                      Data Ascii: 2}h\`mFlL^I-+F%}R(l"+1SL6,EnQnnXVLdmMR"n68C>Bu}bx_iFt^%diI`T<,&_[qM6dh#~6MUEVf6Wfhx2^@X
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: 02 e3 f0 af 40 9e ff 3f 20 46 ee 1f f8 fe 57 34 11 13 aa 2d 6b 49 82 22 28 a2 54 73 b4 d4 14 6b 22 2d a0 72 95 d5 3c 31 f2 81 ee 97 8d bc 06 6a e9 af 80 cc b1 26 d3 23 06 97 98 82 71 e8 43 5d ef 53 f3 1f 05 64 1f a0 a8 74 60 ec fb 1f 20 f6 7c 00 b0 47 3a 5f 93 3d 0c e3 d8 ff 02 35 f5 7e c8 a7 7e 54 4b 52 e9 c3 4d 69 8a bc b6 43 27 20 46 1e e9 dc 0f 23 0d e3 f8 bf 86 d8 ff 13 ed 63 1b 7f 03 d4 ca 67 80 c5 4f 40 4c 7d 77 f7 bc 82 f9 33 5a 15 66 86 e6 cf 5d 75 9e a5 53 e3 e1 bf 86 98 fe 9e ce 37 9a 36 c4 d4 bb 60 4e bd 0b ea ea 9f 02 ce 36 90 e8 e1 7c b8 c5 e9 36 43 eb 42 c6 dd bf 01 b5 fa 39 a0 72 21 9e 5a 73 ab 50 6a 2f 8c d7 7d b6 3b ec 82 ec 38 c9 b9 98 83 15 40 72 06 f2 c2 6f c2 9c fb a0 96 38 3a 5d 35 f9 4e c8 f9 3f 6b dd eb f5 55 88 d9 1f ef de 74 75
                                                                      Data Ascii: @? FW4-kI"(Tsk"-r<1j&#qC]Sdt` |G:_=5~~TKRMiC' F#cgO@L}w3Zf]uS76`N6|6CB9r!ZsPj/};8@ro8:]5N?kUtu
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: a9 de 36 b8 40 9a 8b 43 04 bc 75 d6 3a 27 c4 bc 2e 52 7d d4 e9 4e 0c 8b 16 ba 78 d5 c3 36 6e 0a 43 eb c4 90 5e 2e f8 3f 66 68 dc 99 24 54 62 1c ee d3 3f 03 f3 6d 27 81 c4 70 0b 03 14 dd 16 8a e8 5e b9 bd ff c3 a5 0e 96 56 b5 f8 31 a3 71 6a 20 ec 94 58 d5 ec a2 72 f6 4b 45 de 93 0c 08 92 8c ae fd 69 47 86 46 cc d4 20 90 aa 1f 0b 19 25 c2 b2 29 ca ba 3b 7c ef 60 e3 b7 27 a1 28 7c 88 73 86 e9 54 dc 82 85 9a 3d 5d 6f 51 4e 89 63 25 39 f0 bc 1f 79 85 9d e7 33 6b 90 a1 61 2b 4e 8f da 00 e4 dd 65 89 53 fa 29 d5 05 3b 1e 04 c5 83 de 66 68 bb 4f 61 66 f5 ca 01 2e 7b 10 a9 7d 50 f9 93 90 cf fd 33 18 0f ff b1 9f 34 4f 6f 1c d5 b5 4e a9 8e 24 94 52 f1 a5 8d 4a f2 2a c6 d8 49 ad e0 b4 df 35 3f db 43 3f f2 4f 6e 0e c9 79 25 2e 5c 09 64 0e 68 a3 7e e9 22 90 6d 37 7c 1b
                                                                      Data Ascii: 6@Cu:'.R}Nx6nC^.?fh$Tb?m'p^V1qj XrKEiGF %);|`'(|sT=]oQNc%9y3ka+NeS);fhOaf.{}P34OoN$RJ*I5?C?Ony%.\dh~"m7|
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: 2b 68 21 64 93 15 7e 83 c1 67 41 44 07 c4 4d 45 0c 04 5e 9b eb 12 0e c9 16 51 5b 86 77 e6 b7 3a 1b 4c 09 36 51 78 11 8a 54 19 d5 34 46 37 99 9a 03 64 ef 04 b6 be 05 f9 f4 cf 41 0c dd d9 de 46 00 66 2c 9e 86 b2 a7 1b 53 23 52 04 22 fd 26 bc f3 bf ed cf db 6e 20 c8 0d a8 c2 69 08 62 6a d7 f3 12 08 82 b0 f5 0d 48 bf 4f e1 59 15 c1 58 ea 5b da 59 61 76 69 9f 9e 5d 3c dd b1 0d 04 6d 10 7e cb ab 74 45 fb 33 71 e4 c0 38 d4 fa 57 75 cd 01 3b d3 c6 af 58 62 5a fe af 3a b5 34 c5 7a 76 3a b2 ed 29 a0 72 4e cf 33 3a 58 9e 2b 0b 10 b9 49 a8 53 ff 23 e4 da 97 20 e6 7e 08 82 62 46 7d 70 30 d5 14 50 1b 5f 83 bc f6 17 50 db 8f 41 10 33 8b d4 37 10 a9 3d 50 cb 9f 86 57 bd d6 0e df e1 39 db d6 76 4d 8e dd ec 40 f4 39 4d cb 99 ff 4d a7 ff ee d0 86 da 7a 92 d7 4c f3 bd 2a 9d
                                                                      Data Ascii: +h!d~gADME^Q[w:L6QxT4F7dAFf,S#R"&n ibjHOYX[Yavi]<m~tE3q8Wu;XbZ:4zv:)rN3:X+IS# ~bF}p0P_PA37=PW9vM@9MMzL*
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: 18 ec 7a 44 e5 8c a3 52 b5 00 6f 49 f5 54 a2 79 88 d2 81 2b 55 c3 a4 06 f4 df dc 61 d5 32 2e 23 53 fe 85 1d 13 47 f6 1b c3 80 d4 7f 4f a9 f6 13 37 72 4f e7 f7 18 e7 e5 de 22 1b 5a f9 79 f2 41 1e cf 4d 8d a9 22 e6 06 9d 6c 91 f1 6a 94 0f 8e 72 7b c1 cf 2f 16 93 6e 45 1b 5a e7 35 b7 1b 6b e1 fa 9c 78 4d 53 53 ab 08 17 48 48 71 db 93 bb 2c ad 75 92 d0 ac f0 97 fd 5b 68 97 97 55 c8 9e 46 b6 5b 49 7f 1b a1 88 82 a8 83 21 f4 bc 36 67 44 cf ce b7 33 b0 4e d7 bf 24 87 7a 0c a6 dd 7e 4b ff 8e de 2a f2 89 08 18 17 61 c9 e8 c7 e8 12 41 b0 03 a7 d1 6e d1 4d 61 90 d7 a1 2a ef 64 98 cd 21 75 d6 60 44 48 b5 e8 35 fe 16 e6 16 b2 bb 0d c2 d8 94 1f 44 bf 5b 6c 2d ca 5e 9a a1 4f 71 67 2c c8 cf df b8 de 1f 99 d4 d1 90 ac 72 fa a9 52 74 78 5e d4 ae b6 33 46 d6 4b 8a eb b7 b8
                                                                      Data Ascii: zDRoITy+Ua2.#SGO7rO"ZyAM"ljr{/nEZ5kxMSSHHq,u[hUF[I!6gD3N$z~K*aAnMa*d!u`DH5D[l-^Oqg,rRtx^3FK
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: c6 d2 2f bf fb 5b 95 3b 29 ee d7 81 94 d1 94 e1 0d 3e 82 bd c6 d3 a5 0c 4e 2c bd 30 84 11 64 4b 85 ae 7a ae af f2 8d 93 c1 8b 8d 8e 2b da df 57 6f b9 fc 5b 96 fa 30 f5 96 25 11 61 7e 22 f2 7d f8 df 51 46 a8 ad 21 cd 1c 5a 54 98 43 46 4f ec d0 b5 82 37 a2 e8 d0 56 f3 21 86 69 86 fa 45 d2 9c e9 a7 93 ee 30 2e 83 64 33 93 19 5b 50 53 a0 b1 ee b9 28 8c d2 b6 eb 90 3a 2e c2 1a 80 61 c0 12 94 c9 d6 85 0d 1b 46 22 81 64 c2 e6 b0 21 62 3b 86 aa 43 09 9b 25 2c e9 7a 2c 45 59 42 4b 84 c2 34 78 0c 6c 12 97 06 60 4a 28 5b 31 13 6a 24 3f f5 5c 28 c2 70 71 0c 6e 42 ab df ca cf 16 4c ff 36 6d 2d 8d 98 26 54 bd 0e d8 a6 cf cc 94 3e 49 68 4c 24 9c 58 09 fd 19 97 ee b3 20 48 e0 09 a4 51 b2 57 7b 8a 55 67 62 45 ae b4 58 ac b6 ac 8e 05 18 48 12 32 3a 48 39 9a f4 e7 7d c2 52
                                                                      Data Ascii: /[;)>N,0dKz+Wo[0%a~"}QF!ZTCFO7V!iE0.d3[PS(:.aF"d!b;C%,z,EYBK4xl`J([1j$?\(pqnBL6m-&T>IhL$X HQW{UgbEXH2:H9}R
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: 07 ae 56 2d 49 8c 32 d9 a3 a8 15 3b d6 d6 38 22 c8 68 30 5a 9e ef 86 47 59 4f 36 db f8 02 db a1 af fe 32 23 b6 4c 4e 13 45 cc 4a 32 63 53 b0 48 5a a3 cf 7d 6f 30 4b 60 b2 a9 c6 d3 b5 2a c0 a3 b1 e9 89 9e 6f ea cf 7c 2f 2a 4b 68 96 9f 5b 9d 0c 9b d4 46 d2 b4 60 27 7c 3d db 51 b0 5d a0 ee 08 54 3d b7 71 8e a8 1b bc fd 68 c1 e5 46 86 31 35 33 8d 8b a7 9e 87 5b ab 23 c1 83 95 50 16 70 f4 d8 11 56 43 e9 74 20 46 22 6c 83 55 38 c7 30 1a 8b dc bb 09 22 4e b0 69 99 85 d2 02 70 6a 90 d5 12 2c 78 f0 84 a9 25 5a c3 b7 01 39 75 c8 5a 55 6f 26 43 ab 24 61 8a 9e e8 b7 42 8e d6 7e 36 38 23 b4 fe 1b 36 45 36 3e cb 8e 90 b3 00 ae 64 aa 00 d2 d0 fe 9c 86 14 a6 ff 62 bb 8f a9 85 08 56 57 a5 cf d8 a2 2a 74 3b c3 6a 25 15 95 a0 a2 83 89 7c 20 c3 26 15 d5 2e c1 ed 36 05 2a 71
                                                                      Data Ascii: V-I2;8"h0ZGYO62#LNEJ2cSHZ}o0K`*o|/*Kh[F`'|=Q]T=qhF153[#PpVCt F"lU80"Nipj,x%Z9uZUo&C$aB~68#6E6>dbVW*t;j%| &.6*q
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: a3 32 84 f4 99 a9 6a 78 39 15 c3 42 54 23 d2 52 f8 9e 5a c3 df bf 04 53 69 30 31 61 84 fa 81 96 b9 34 7f f9 97 7e e9 df b4 c6 57 f9 86 54 61 34 5d b8 b4 f9 24 49 68 0e 54 23 c7 7b 87 04 48 2a 48 5b ab 27 c8 08 40 78 75 47 23 8a c9 ce 24 1d 1d f6 42 2a 09 e3 53 64 33 e9 ad d2 9f 99 be a8 4c 72 be 45 e2 a8 07 ec 99 99 c1 c4 f8 04 9e 3f 75 0a d5 5a 8d dd b4 74 7a 96 ca 65 0e 4c b3 12 96 36 5c 92 94 e4 f9 27 3b 01 ed fc 71 f0 1c 84 6a f2 a9 a8 ca d4 4d 35 ed f6 b9 2f f4 52 7f e9 45 6c af af b1 5b 99 a4 84 54 26 85 62 a1 84 6c 26 a3 a1 23 d5 3a b6 56 56 91 49 26 b5 1a 40 35 5f d3 19 76 22 ac 2d af f2 c2 c9 64 d2 6c 77 68 84 73 89 d0 7c 76 f8 61 ef 4f 97 ef d0 25 35 4b e0 5d eb f6 d3 62 b7 ee 33 0f 81 2d ab 99 b0 58 e8 d3 95 df 9f ff 1e fd 1f 5b ea 39 0a 7e 0c
                                                                      Data Ascii: 2jx9BT#RZSi01a4~WTa4]$IhT#{H*H['@xuG#$B*Sd3LrE?uZtzeL6\';qjM5/REl[T&bl&#:VVI&@5_v"-dlwhs|vaO%5K]b3-X[9~
                                                                      2024-12-31 16:07:42 UTC1369INData Raw: 8d 61 64 64 04 a9 5c 16 55 d2 20 12 36 c6 26 c7 31 35 35 85 99 c9 09 28 3b 81 c9 99 49 fc f0 07 7f 04 a7 f6 1e c0 d7 3e ff 79 ac 5c 9b 47 61 71 19 63 d3 63 98 da 37 87 62 3e 8f 82 a5 5d f8 9e 53 63 26 ba bd b2 82 7a b9 84 ca d6 16 b6 d6 56 e1 9d 7a 1e 77 3e f8 10 f6 1c 3c 04 99 50 b8 eb f8 11 7c ed d9 d3 58 38 23 f9 7d 4f 7b 12 99 84 09 91 4e a0 5c 29 22 97 cd c1 0b 95 d7 a3 75 3f 96 1b c6 ea b5 05 2c 9c bb 80 83 c7 8f a2 4c d0 a5 48 95 29 e1 a3 17 9a 91 33 fe bf 77 01 91 d1 af 09 2f a4 ce 36 e4 a6 d0 be d5 c1 e1 aa e1 ac 30 42 b8 12 c1 b1 a2 81 54 e8 a3 f3 1b 4e 0c c9 ac 91 0e 46 66 1e 52 b5 b9 28 7c 1c c1 40 e3 69 8d 37 35 9a 01 9d a1 ef d9 eb 49 4c ae 11 de 28 1a 41 fd 71 a9 23 43 6b 52 13 b9 0d 76 0c 08 a4 cd 24 2c 4f c0 76 04 ea 64 80 37 04 1c 8e a9
                                                                      Data Ascii: add\U 6&155(;I>y\Gaqcc7b>]Sc&zVzw><P|X8#}O{N\)"u?,LH)3w/60BTNFfR(|@i75IL(Aq#CkRv$,Ovd7


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:11:07:33
                                                                      Start date:31/12/2024
                                                                      Path:C:\Users\user\Desktop\NL Hybrid.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\NL Hybrid.exe"
                                                                      Imagebase:0x400000
                                                                      File size:6'482'432 bytes
                                                                      MD5 hash:9758F9F6962C1B2244AC185C6FB4482F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_TitaniumProxy, Description: Yara detected Titanium Proxy, Source: 00000000.00000003.1751993822.0000000004D61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_TitaniumProxy, Description: Yara detected Titanium Proxy, Source: 00000000.00000002.2739113849.00000000086C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_TitaniumProxy, Description: Yara detected Titanium Proxy, Source: 00000000.00000002.2736469369.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_TitaniumProxy, Description: Yara detected Titanium Proxy, Source: 00000000.00000002.2736469369.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.1672793617.0000000005D56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1672793617.0000000005D56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2734701441.0000000003014000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2734701441.0000000003014000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2737516864.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2737516864.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2737121958.00000000064C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2737121958.00000000064C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.1682595717.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1682595717.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2735477238.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Disassembly

                                                                      Reset < >

                                                                        Execution Graph

                                                                        Execution Coverage:5.5%
                                                                        Dynamic/Decrypted Code Coverage:4%
                                                                        Signature Coverage:14.9%
                                                                        Total number of Nodes:329
                                                                        Total number of Limit Nodes:31
                                                                        execution_graph 59462 40ad50 59465 40b84d 59462->59465 59466 40b900 59465->59466 59467 40b85f 59465->59467 59492 40d2e3 6 API calls __decode_pointer 59466->59492 59469 40b870 59467->59469 59475 40ad5f 59467->59475 59476 40b8bc RtlAllocateHeap 59467->59476 59478 40b8ec 59467->59478 59481 40b8f1 59467->59481 59488 40b7fe 63 API calls 4 library calls 59467->59488 59489 40d2e3 6 API calls __decode_pointer 59467->59489 59469->59467 59483 40ec4d 63 API calls 2 library calls 59469->59483 59484 40eaa2 63 API calls 7 library calls 59469->59484 59485 40e7ee 59469->59485 59470 40b906 59493 40bfc1 63 API calls __getptd_noexit 59470->59493 59476->59467 59490 40bfc1 63 API calls __getptd_noexit 59478->59490 59491 40bfc1 63 API calls __getptd_noexit 59481->59491 59483->59469 59484->59469 59494 40e7c3 GetModuleHandleW 59485->59494 59488->59467 59489->59467 59490->59481 59491->59475 59492->59470 59493->59475 59495 40e7d7 GetProcAddress 59494->59495 59496 40e7ec ExitProcess 59494->59496 59495->59496 59497 40e7e7 CorExitProcess 59495->59497 59497->59496 59892 29050e0 59893 29050e9 59892->59893 59895 29079cc 59892->59895 59898 290dc20 59895->59898 59900 290dc33 59898->59900 59902 290dcd8 59900->59902 59903 290dd20 VirtualProtect 59902->59903 59905 29079eb 59903->59905 59498 40cbf7 59499 40cc08 59498->59499 59533 40d534 HeapCreate 59499->59533 59502 40cc46 59535 41087e GetModuleHandleW 59502->59535 59506 40cc57 __RTC_Initialize 59569 411a15 59506->59569 59509 40cc66 59510 40cc72 GetCommandLineA 59509->59510 59703 40e79a 63 API calls 3 library calls 59509->59703 59584 412892 59510->59584 59513 40cc71 59513->59510 59517 40cc97 59623 41255f 59517->59623 59523 40ccb0 59525 40ccbb 59523->59525 59706 40e79a 63 API calls 3 library calls 59523->59706 59524 40cca8 59638 40e859 59524->59638 59644 4019f0 OleInitialize 59525->59644 59528 40ccd8 59529 40ccea 59528->59529 59698 40ea0a 59528->59698 59707 40ea36 63 API calls _doexit 59529->59707 59532 40ccef ___lock_fhandle 59534 40cc3a 59533->59534 59534->59502 59701 40cbb4 63 API calls 3 library calls 59534->59701 59536 410892 59535->59536 59537 410899 59535->59537 59708 40e76a Sleep GetModuleHandleW 59536->59708 59539 410a01 59537->59539 59540 4108a3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59537->59540 59730 410598 7 API calls __decode_pointer 59539->59730 59542 4108ec TlsAlloc 59540->59542 59541 410898 59541->59537 59545 40cc4c 59542->59545 59546 41093a TlsSetValue 59542->59546 59545->59506 59702 40cbb4 63 API calls 3 library calls 59545->59702 59546->59545 59547 41094b 59546->59547 59709 40ea54 6 API calls 4 library calls 59547->59709 59549 410950 59710 41046e TlsGetValue 59549->59710 59552 41046e __encode_pointer 6 API calls 59553 41096b 59552->59553 59554 41046e __encode_pointer 6 API calls 59553->59554 59555 41097b 59554->59555 59556 41046e __encode_pointer 6 API calls 59555->59556 59557 41098b 59556->59557 59720 40d564 InitializeCriticalSectionAndSpinCount ___lock_fhandle 59557->59720 59559 410998 59559->59539 59721 4104e9 6 API calls __crt_waiting_on_module_handle 59559->59721 59561 4109ac 59561->59539 59722 411cba 59561->59722 59565 4109df 59565->59539 59566 4109e6 59565->59566 59729 4105d5 63 API calls 5 library calls 59566->59729 59568 4109ee GetCurrentThreadId 59568->59545 59759 40e1d8 59569->59759 59571 411a21 GetStartupInfoA 59572 411cba __calloc_crt 63 API calls 59571->59572 59573 411a42 59572->59573 59574 411c60 ___lock_fhandle 59573->59574 59576 411cba __calloc_crt 63 API calls 59573->59576 59579 411ba7 59573->59579 59581 411b2a 59573->59581 59574->59509 59575 411bdd GetStdHandle 59575->59579 59576->59573 59577 411c42 SetHandleCount 59577->59574 59578 411bef GetFileType 59578->59579 59579->59574 59579->59575 59579->59577 59579->59578 59761 41389c InitializeCriticalSectionAndSpinCount ___lock_fhandle 59579->59761 59580 411b53 GetFileType 59580->59581 59581->59574 59581->59579 59581->59580 59760 41389c InitializeCriticalSectionAndSpinCount ___lock_fhandle 59581->59760 59585 4128b0 GetEnvironmentStringsW 59584->59585 59586 4128cf 59584->59586 59587 4128b8 59585->59587 59589 4128c4 GetLastError 59585->59589 59586->59587 59588 412968 59586->59588 59590 4128eb GetEnvironmentStringsW 59587->59590 59595 4128fa WideCharToMultiByte 59587->59595 59591 412971 GetEnvironmentStrings 59588->59591 59592 40cc82 59588->59592 59589->59586 59590->59592 59590->59595 59591->59592 59598 412981 59591->59598 59610 4127d7 59592->59610 59596 41295d FreeEnvironmentStringsW 59595->59596 59597 41292e 59595->59597 59596->59592 59762 411c75 63 API calls _malloc 59597->59762 59764 411c75 63 API calls _malloc 59598->59764 59601 41299b 59603 4129a2 FreeEnvironmentStringsA 59601->59603 59604 4129ae _memcpy_s 59601->59604 59602 412934 59602->59596 59605 41293c WideCharToMultiByte 59602->59605 59603->59592 59608 4129b8 FreeEnvironmentStringsA 59604->59608 59606 412956 59605->59606 59607 41294e 59605->59607 59606->59596 59763 40b6b5 63 API calls 2 library calls 59607->59763 59608->59592 59611 4127f1 GetModuleFileNameA 59610->59611 59612 4127ec 59610->59612 59614 412818 59611->59614 59771 41446b 107 API calls __setmbcp 59612->59771 59765 41263d 59614->59765 59617 40cc8c 59617->59517 59704 40e79a 63 API calls 3 library calls 59617->59704 59618 412854 59772 411c75 63 API calls _malloc 59618->59772 59620 41285a 59620->59617 59621 41263d _parse_cmdline 73 API calls 59620->59621 59622 412874 59621->59622 59622->59617 59624 412568 59623->59624 59628 41256d _strlen 59623->59628 59774 41446b 107 API calls __setmbcp 59624->59774 59626 40cc9d 59626->59524 59705 40e79a 63 API calls 3 library calls 59626->59705 59627 411cba __calloc_crt 63 API calls 59629 4125a2 _strlen 59627->59629 59628->59626 59628->59627 59629->59626 59630 412600 59629->59630 59632 411cba __calloc_crt 63 API calls 59629->59632 59633 412626 59629->59633 59636 4125e7 59629->59636 59775 40ef42 63 API calls __cftof_l 59629->59775 59777 40b6b5 63 API calls 2 library calls 59630->59777 59632->59629 59778 40b6b5 63 API calls 2 library calls 59633->59778 59636->59629 59776 40e61c 10 API calls 3 library calls 59636->59776 59639 40e867 __IsNonwritableInCurrentImage 59638->59639 59779 413586 59639->59779 59641 40e885 __initterm_e 59643 40e8a4 __IsNonwritableInCurrentImage __initterm 59641->59643 59783 40d2bd 74 API calls __cinit 59641->59783 59643->59523 59645 401ab9 59644->59645 59784 40b99e 59645->59784 59647 401abf 59648 401acd GetCurrentProcessId CreateToolhelp32Snapshot Module32First 59647->59648 59674 402467 59647->59674 59649 401dc3 CloseHandle GetModuleHandleA 59648->59649 59655 401c55 59648->59655 59797 401650 59649->59797 59651 401e8b FindResourceA LoadResource LockResource SizeofResource 59652 40b84d _malloc 63 API calls 59651->59652 59653 401ebf 59652->59653 59799 40af66 59653->59799 59656 401c9c CloseHandle 59655->59656 59661 401cf9 Module32Next 59655->59661 59656->59528 59657 401ecb _memset 59658 401efc SizeofResource 59657->59658 59659 401f1c 59658->59659 59660 401f5f 59658->59660 59659->59660 59837 401560 __VEC_memcpy ___sbh_free_block 59659->59837 59663 401f92 _memset 59660->59663 59838 401560 __VEC_memcpy ___sbh_free_block 59660->59838 59661->59649 59670 401d0f 59661->59670 59665 401fa2 FreeResource 59663->59665 59666 40b84d _malloc 63 API calls 59665->59666 59667 401fbb SizeofResource 59666->59667 59668 401fe5 _memset 59667->59668 59669 4020aa LoadLibraryA 59668->59669 59671 401650 59669->59671 59670->59656 59673 401dad Module32Next 59670->59673 59672 40216c GetProcAddress 59671->59672 59672->59674 59675 4021aa 59672->59675 59673->59649 59673->59670 59674->59528 59675->59674 59811 4018f0 59675->59811 59677 40243f 59677->59674 59839 40b6b5 63 API calls 2 library calls 59677->59839 59679 4021f1 59679->59677 59823 401870 59679->59823 59681 402269 VariantInit 59682 401870 76 API calls 59681->59682 59683 40228b VariantInit 59682->59683 59684 4022a7 59683->59684 59685 4022d9 SafeArrayCreate SafeArrayAccessData 59684->59685 59828 40b350 59685->59828 59688 40232c 59689 402354 SafeArrayDestroy 59688->59689 59697 40235b 59688->59697 59689->59697 59690 402392 SafeArrayCreateVector 59691 4023a4 59690->59691 59692 4023bc VariantClear VariantClear 59691->59692 59830 4019a0 59692->59830 59695 40242e 59696 4019a0 66 API calls 59695->59696 59696->59677 59697->59690 59861 40e8de 59698->59861 59700 40ea1b 59700->59529 59701->59502 59702->59506 59703->59513 59704->59517 59705->59524 59706->59525 59707->59532 59708->59541 59709->59549 59711 4104a7 GetModuleHandleW 59710->59711 59712 410486 59710->59712 59714 4104c2 GetProcAddress 59711->59714 59715 4104b7 59711->59715 59712->59711 59713 410490 TlsGetValue 59712->59713 59719 41049b 59713->59719 59716 41049f 59714->59716 59731 40e76a Sleep GetModuleHandleW 59715->59731 59716->59552 59718 4104bd 59718->59714 59718->59716 59719->59711 59719->59716 59720->59559 59721->59561 59725 411cc3 59722->59725 59724 4109c5 59724->59539 59728 4104e9 6 API calls __crt_waiting_on_module_handle 59724->59728 59725->59724 59726 411ce1 Sleep 59725->59726 59732 40e231 59725->59732 59727 411cf6 59726->59727 59727->59724 59727->59725 59728->59565 59729->59568 59731->59718 59733 40e23d ___lock_fhandle 59732->59733 59734 40e255 59733->59734 59744 40e274 _memset 59733->59744 59745 40bfc1 63 API calls __getptd_noexit 59734->59745 59736 40e25a 59746 40e744 6 API calls 2 library calls 59736->59746 59737 40e2e6 HeapAlloc 59737->59744 59741 40e26a ___lock_fhandle 59741->59725 59744->59737 59744->59741 59747 40d6e0 59744->59747 59754 40def2 5 API calls 2 library calls 59744->59754 59755 40e32d LeaveCriticalSection _doexit 59744->59755 59756 40d2e3 6 API calls __decode_pointer 59744->59756 59745->59736 59748 40d6f5 59747->59748 59749 40d708 EnterCriticalSection 59747->59749 59757 40d61d 63 API calls 9 library calls 59748->59757 59749->59744 59751 40d6fb 59751->59749 59758 40e79a 63 API calls 3 library calls 59751->59758 59753 40d707 59753->59749 59754->59744 59755->59744 59756->59744 59757->59751 59758->59753 59759->59571 59760->59581 59761->59579 59762->59602 59763->59606 59764->59601 59767 41265c 59765->59767 59769 4126c9 59767->59769 59773 416836 73 API calls x_ismbbtype_l 59767->59773 59768 4127c7 59768->59617 59768->59618 59769->59768 59770 416836 73 API calls _parse_cmdline 59769->59770 59770->59769 59771->59611 59772->59620 59773->59767 59774->59628 59775->59629 59776->59636 59777->59626 59778->59626 59780 41358c 59779->59780 59781 41046e __encode_pointer 6 API calls 59780->59781 59782 4135a4 59780->59782 59781->59780 59782->59641 59783->59643 59787 40b9aa ___lock_fhandle _strnlen 59784->59787 59785 40b9b8 59840 40bfc1 63 API calls __getptd_noexit 59785->59840 59787->59785 59790 40b9ec 59787->59790 59788 40b9bd 59841 40e744 6 API calls 2 library calls 59788->59841 59791 40d6e0 __lock 63 API calls 59790->59791 59792 40b9f3 59791->59792 59842 40b917 121 API calls 3 library calls 59792->59842 59793 40b9cd ___lock_fhandle 59793->59647 59795 40b9ff 59843 40ba18 LeaveCriticalSection _doexit 59795->59843 59798 4017cc _memcpy_s 59797->59798 59798->59651 59801 40af70 59799->59801 59800 40b84d _malloc 63 API calls 59800->59801 59801->59800 59802 40af8a 59801->59802 59804 40af8c std::bad_alloc::bad_alloc 59801->59804 59844 40d2e3 6 API calls __decode_pointer 59801->59844 59802->59657 59809 40afb2 59804->59809 59845 40d2bd 74 API calls __cinit 59804->59845 59806 40afbc 59847 40cd39 RaiseException 59806->59847 59846 40af49 63 API calls std::exception::exception 59809->59846 59810 40afca 59812 401903 lstrlenA 59811->59812 59813 4018fc 59811->59813 59848 4017e0 59812->59848 59813->59679 59816 401940 GetLastError 59818 40194b MultiByteToWideChar 59816->59818 59819 40198d 59816->59819 59817 401996 59817->59679 59820 4017e0 73 API calls 59818->59820 59819->59817 59856 401030 GetLastError 59819->59856 59821 401970 MultiByteToWideChar 59820->59821 59821->59819 59824 40af66 75 API calls 59823->59824 59825 40187c 59824->59825 59826 401885 SysAllocString 59825->59826 59827 4018a4 59825->59827 59826->59827 59827->59681 59829 40231a SafeArrayUnaccessData 59828->59829 59829->59688 59831 4019aa InterlockedDecrement 59830->59831 59836 4019df VariantClear 59830->59836 59832 4019b8 59831->59832 59831->59836 59833 4019c2 SysFreeString 59832->59833 59834 4019c9 59832->59834 59832->59836 59833->59834 59860 40aec0 64 API calls 2 library calls 59834->59860 59836->59695 59837->59659 59838->59663 59839->59674 59840->59788 59842->59795 59843->59793 59844->59801 59845->59809 59846->59806 59847->59810 59849 4017e9 59848->59849 59854 401844 59849->59854 59855 40182d 59849->59855 59857 40b783 73 API calls 4 library calls 59849->59857 59853 40186d MultiByteToWideChar 59853->59816 59853->59817 59854->59853 59859 40b743 63 API calls 2 library calls 59854->59859 59855->59854 59858 40b6b5 63 API calls 2 library calls 59855->59858 59857->59855 59858->59854 59859->59854 59860->59836 59862 40e8ea ___lock_fhandle 59861->59862 59863 40d6e0 __lock 63 API calls 59862->59863 59864 40e8f1 59863->59864 59865 40e9ba __initterm 59864->59865 59866 40e91d 59864->59866 59880 40e9f5 59865->59880 59885 4104e9 6 API calls __crt_waiting_on_module_handle 59866->59885 59870 40e928 59872 40e9aa __initterm 59870->59872 59886 4104e9 6 API calls __crt_waiting_on_module_handle 59870->59886 59871 40e9f2 ___lock_fhandle 59871->59700 59872->59865 59875 40e9e9 59876 40e7ee _malloc 4 API calls 59875->59876 59876->59871 59877 4104e0 6 API calls _raise 59878 40e93d 59877->59878 59878->59872 59878->59877 59879 4104e9 6 API calls __decode_pointer 59878->59879 59879->59878 59881 40e9d6 59880->59881 59882 40e9fb 59880->59882 59881->59871 59884 40d606 LeaveCriticalSection 59881->59884 59887 40d606 LeaveCriticalSection 59882->59887 59884->59875 59885->59870 59886->59878 59887->59881 59888 290dea8 59889 290dee8 CloseHandle 59888->59889 59891 290df19 59889->59891 59460 78c2400 59461 78c2403 LdrInitializeThunk 59460->59461

                                                                        Executed Functions

                                                                        Function 004019F0 Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747comprocessCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 4019f0-401ac7 OleInitialize call 401650 call 40b99e 5 40248a-402496 0->5 6 401acd-401c4f GetCurrentProcessId CreateToolhelp32Snapshot Module32First 0->6 7 401dc3-401ed4 CloseHandle GetModuleHandleA call 401650 FindResourceA LoadResource LockResource SizeofResource call 40b84d call 40af66 6->7 8 401c55-401c6c call 401650 6->8 27 401ed6-401eed call 40ba30 7->27 28 401eef 7->28 14 401c73-401c77 8->14 16 401c93-401c95 14->16 17 401c79-401c7b 14->17 18 401c98-401c9a 16->18 20 401c7d-401c83 17->20 21 401c8f-401c91 17->21 22 401cb0-401cce call 401650 18->22 23 401c9c-401caf CloseHandle 18->23 20->16 25 401c85-401c8d 20->25 21->18 33 401cd0-401cd4 22->33 25->14 25->21 31 401ef3-401f1a call 401300 SizeofResource 27->31 28->31 38 401f1c-401f2f 31->38 39 401f5f-401f69 31->39 36 401cf0-401cf2 33->36 37 401cd6-401cd8 33->37 42 401cf5-401cf7 36->42 40 401cda-401ce0 37->40 41 401cec-401cee 37->41 43 401f33-401f5d call 401560 38->43 44 401f73-401f75 39->44 45 401f6b-401f72 39->45 40->36 46 401ce2-401cea 40->46 41->42 42->23 47 401cf9-401d09 Module32Next 42->47 43->39 49 401f92-4021a4 call 40ba30 FreeResource call 40b84d SizeofResource call 40ac60 call 40ba30 call 401650 LoadLibraryA call 401650 GetProcAddress 44->49 50 401f77-401f8d call 401560 44->50 45->44 46->33 46->41 47->7 51 401d0f 47->51 49->5 86 4021aa-4021c0 49->86 50->49 55 401d10-401d2e call 401650 51->55 60 401d30-401d34 55->60 63 401d50-401d52 60->63 64 401d36-401d38 60->64 68 401d55-401d57 63->68 66 401d3a-401d40 64->66 67 401d4c-401d4e 64->67 66->63 70 401d42-401d4a 66->70 67->68 68->23 71 401d5d-401d7b call 401650 68->71 70->60 70->67 77 401d80-401d84 71->77 79 401da0-401da2 77->79 80 401d86-401d88 77->80 81 401da5-401da7 79->81 83 401d8a-401d90 80->83 84 401d9c-401d9e 80->84 81->23 85 401dad-401dbd Module32Next 81->85 83->79 87 401d92-401d9a 83->87 84->81 85->7 85->55 89 4021c6-4021ca 86->89 90 40246a-402470 86->90 87->77 87->84 89->90 93 4021d0-402217 call 4018f0 89->93 91 402472-402475 90->91 92 40247a-402480 90->92 91->92 92->5 94 402482-402487 92->94 98 40221d-40223d 93->98 99 40244f-40245f 93->99 94->5 98->99 103 402243-402251 98->103 99->90 100 402461-402467 call 40b6b5 99->100 100->90 103->99 106 402257-4022b7 call 401870 VariantInit call 401870 VariantInit call 4018d0 103->106 114 4022c3-40232a call 4018d0 SafeArrayCreate SafeArrayAccessData call 40b350 SafeArrayUnaccessData 106->114 115 4022b9-4022be call 40ad90 106->115 122 402336-40234d call 4018d0 114->122 123 40232c-402331 call 40ad90 114->123 115->114 152 40234e call 27bd01d 122->152 153 40234e call 27bd007 122->153 123->122 127 402350-402352 128 402354-402355 SafeArrayDestroy 127->128 129 40235b-402361 127->129 128->129 130 402363-402368 call 40ad90 129->130 131 40236d-402375 129->131 130->131 133 402377-402379 131->133 134 40237b 131->134 135 40237d-40238f call 4018d0 133->135 134->135 154 402390 call 27bd01d 135->154 155 402390 call 27bd007 135->155 138 402392-4023a2 SafeArrayCreateVector 139 4023a4-4023a9 call 40ad90 138->139 140 4023ae-4023b4 138->140 139->140 142 4023b6-4023b8 140->142 143 4023ba 140->143 144 4023bc-402417 VariantClear * 2 call 4019a0 142->144 143->144 146 40241c-40242c VariantClear 144->146 147 402436-402445 call 4019a0 146->147 148 40242e-402433 146->148 147->99 151 402447-40244c 147->151 148->147 151->99 152->127 153->127 154->138 155->138
                                                                        APIs
                                                                        • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                        • _getenv.LIBCMT ref: 00401ABA
                                                                        • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                        • Module32First.KERNEL32 ref: 00401C48
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
                                                                        • Module32Next.KERNEL32(00000000,?), ref: 00401D02
                                                                        • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
                                                                        • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                        • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E90
                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                        • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                        • _malloc.LIBCMT ref: 00401EBA
                                                                        • _memset.LIBCMT ref: 00401EDD
                                                                        • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                        • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                        • API String ID: 1430744539-2962942730
                                                                        • Opcode ID: f33ec6517a8e462eea4e7ce496cce69d106849ef0d44fd50fc6c48668fb332a6
                                                                        • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                        • Opcode Fuzzy Hash: f33ec6517a8e462eea4e7ce496cce69d106849ef0d44fd50fc6c48668fb332a6
                                                                        • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                        Function 07731908 Relevance: 5.7, Strings: 4, Instructions: 673COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 407 7731908-773193a 409 7731d33-7731d51 407->409 410 7731940-7731951 407->410 415 7732185-7732191 409->415 411 7731953 410->411 412 7731958-7731a1f 410->412 411->412 458 7731cf5-7731d19 412->458 459 7731a25-7731a2e 412->459 416 7732197-77321ab 415->416 417 7731d5f-7731d6b 415->417 420 7732172-7732177 417->420 421 7731d71-7731df6 417->421 425 7732182 420->425 439 7731dfc-7731dfe 421->439 425->415 440 7731e00-7731e06 439->440 441 7731e16-7731e2f 439->441 443 7731e0a-7731e0c 440->443 444 7731e08 440->444 446 7731e31-7731e5a 441->446 447 7731e5f-7731e9d 441->447 443->441 444->441 446->425 463 7731ec2-7731edc 447->463 464 7731e9f-7731ec0 447->464 468 7731d20-7731d26 458->468 461 7731a30-7731a34 459->461 462 7731a35-7731a3a 459->462 461->462 465 7731a3f-7731a5f 462->465 466 7731a3c 462->466 488 7731ee3-7731ee9 463->488 464->488 474 7731a61 465->474 475 7731a64-7731a6d 465->475 466->465 469 7731d30 468->469 470 7731d28 468->470 469->409 470->469 474->475 477 7731a73-7731a91 475->477 478 7731c7c-7731c87 475->478 482 7731a93-7731a95 477->482 483 7731acc-7731ad5 477->483 480 7731c89 478->480 481 7731c8c-7731cc5 478->481 480->481 520 7731cc7-7731ceb 481->520 521 7731ced 481->521 482->483 487 7731a97-7731a9d 482->487 484 7731d1b 483->484 485 7731adb-7731aeb 483->485 484->468 485->484 489 7731af1-7731b02 485->489 491 7731aa3 487->491 492 7731b25-7731b8e 487->492 493 7731eeb-7731f06 488->493 494 7731f08-7731f63 488->494 489->484 495 7731b08-7731b18 489->495 496 7731aa6-7731aa8 491->496 504 7731b90-7731b92 492->504 505 7731be8-7731bfc 492->505 493->494 529 7731f69-7731f6e 494->529 530 773207e-77320bd 494->530 495->484 498 7731b1e-7731b23 495->498 502 7731aaa 496->502 503 7731aad-7731ab8 496->503 498->492 502->503 503->484 506 7731abe-7731ac8 503->506 504->505 511 7731b94-7731ba0 504->511 505->484 508 7731c02-7731c1c 505->508 506->496 507 7731aca 506->507 507->492 508->484 513 7731c22-7731c3f 508->513 514 7731ba6 511->514 515 7731c6d-7731c76 511->515 513->484 517 7731c45-7731c63 513->517 519 7731bac-7731bae 514->519 515->477 515->478 517->484 522 7731c69 517->522 523 7731bb0-7731bb4 519->523 524 7731bb8-7731bd4 519->524 520->521 521->458 522->515 523->524 524->484 526 7731bda-7731be1 524->526 526->519 527 7731be3 526->527 527->515 533 7731f78-7731f7b 529->533 542 77320db-77320ec 530->542 543 77320bf-77320d9 530->543 534 7731f81 533->534 535 7732046-773206e 533->535 536 7731fea-7732016 534->536 537 7731fb9-7731fe5 534->537 538 7731f88-7731fb4 534->538 539 7732018-7732044 534->539 544 7732074-7732078 535->544 536->544 537->544 538->544 539->544 547 77320f5-7732170 542->547 543->547 544->530 544->533 547->425
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TJcq$Te^q$pbq$xbaq
                                                                        • API String ID: 0-1954897716
                                                                        • Opcode ID: 538d93b376bd3451f1b349328e0a28b08a3481807222b18742e406b8e9fd4d4c
                                                                        • Instruction ID: 8d7ed34ddf84710b443d2adae7ce4d3296ca5ac74fe15ab2a76079bec1f97925
                                                                        • Opcode Fuzzy Hash: 538d93b376bd3451f1b349328e0a28b08a3481807222b18742e406b8e9fd4d4c
                                                                        • Instruction Fuzzy Hash: 25523975A00618DFCB15DFA8C984EA9BBB2FF49300F5685A8E5099B276CB31ED51CF40
                                                                        Function 077300F1 Relevance: 2.4, Strings: 1, Instructions: 1146COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 719 77300f1-77300fd 720 7730103-7730108 719->720 721 773184a-773184f 719->721 722 7730131-7730176 720->722 723 773010a-7730113 720->723 722->721 730 773017c-77302f0 722->730 723->721 725 7730119-7730123 723->725 727 7730d36-7730dc8 725->727 740 7730e87-7730ec0 727->740 741 7730dce-7730e7e 727->741 852 77302f6-7730302 730->852 853 773085d-773088e 730->853 749 7730f82-7730ffc 740->749 750 7730ec6-7730ef2 740->750 741->740 781 7730e80 741->781 779 7731002-773108e 749->779 780 7731090-77310ca 749->780 760 7730ef8-7730f01 750->760 761 773119c-77311e0 750->761 760->721 763 7730f07-7730f3c 760->763 787 77311e6-7731207 761->787 788 77313d5-77313db 761->788 763->721 776 7730f42-7730f46 763->776 1034 7730f48 call 76f1deb 776->1034 1035 7730f48 call 76f1be4 776->1035 1036 7730f48 call 76f19d2 776->1036 797 77310d1-77310dc 779->797 780->797 781->740 783 7730f4e-7730f68 802 7730f6a 783->802 803 7730f6d-7730f77 783->803 795 773120d 787->795 796 77313bc-77313cf 787->796 1037 77313dd call 7733770 788->1037 1038 77313dd call 7733760 788->1038 793 77313e3-77313fe 820 7731406 793->820 804 7731302-7731335 795->804 805 7731231-7731269 795->805 806 7731214-7731220 795->806 807 77312b4-77312fd 795->807 808 773133a-773136d 795->808 809 7731389-77313b5 795->809 810 773136f-773137b 795->810 811 773126e-77312af 795->811 796->787 796->788 797->761 812 77310e2-77310eb 797->812 802->803 803->760 813 7730f7d 803->813 804->796 805->796 806->721 814 7731226-773122c 806->814 807->796 808->796 809->796 810->721 817 7731381-7731387 810->817 811->796 812->721 815 77310f1-7731113 812->815 813->761 814->796 842 7731153-773116b 815->842 843 7731115-773112d 815->843 817->796 830 7731806-773181d 820->830 857 7731828-773183f 830->857 842->721 850 7731171-7731181 842->850 843->721 848 7731133-7731151 843->848 862 773118c-7731196 848->862 850->862 852->721 855 7730308-7730383 852->855 867 77308f3-7730924 853->867 868 7730890-77308bc 853->868 892 7730385-773039a 855->892 893 773039c-77303eb 855->893 857->721 862->761 862->812 881 7730a46-7730a8e 867->881 882 773092a-77309c7 867->882 879 77308d6-77308f1 868->879 880 77308be-77308c1 868->880 879->867 879->868 880->879 883 77308c3-77308d3 880->883 888 7730a90-7730ae5 881->888 889 7730aeb-7730b2f 881->889 928 7730a09-7730a0c 882->928 929 77309c9-7730a07 882->929 883->879 888->889 910 7730d27-7730d2e 889->910 911 7730b35-7730b7a 889->911 892->893 912 77303f7-773043a 893->912 913 77303ed-77303f2 893->913 910->727 911->830 930 7730b80-7730b88 911->930 925 7730446-7730489 912->925 926 773043c-7730441 912->926 915 7730845-7730857 913->915 915->852 915->853 957 7730495-77304d8 925->957 958 773048b-7730490 925->958 926->915 932 7730a1f 928->932 933 7730a0e-7730a1d 928->933 940 7730a2b-7730a40 929->940 930->721 934 7730b8e-7730b95 930->934 932->940 933->940 936 7730ba1-7730ba5 934->936 937 7730b97-7730b9c 934->937 936->857 942 7730bab 936->942 941 7730d0c-7730d21 937->941 940->881 940->882 941->910 941->911 944 7730bb2 942->944 945 7730c20-7730c64 942->945 946 7730bd4-7730c1b 942->946 947 7730c69-7730cad 942->947 948 7730caf-7730cd5 942->948 952 7730bbc-7730bcf 944->952 967 7730d04 945->967 946->967 947->967 968 7730cd7-7730cee 948->968 969 7730cfe 948->969 952->967 977 77304e4-7730527 957->977 978 77304da-77304df 957->978 958->915 967->941 968->721 976 7730cf4-7730cfc 968->976 969->967 976->968 976->969 982 7730533-7730576 977->982 983 7730529-773052e 977->983 978->915 987 7730582-77305c5 982->987 988 7730578-773057d 982->988 983->915 992 77305d1-7730614 987->992 993 77305c7-77305cc 987->993 988->915 997 7730620-7730663 992->997 998 7730616-773061b 992->998 993->915 1002 7730665-773066a 997->1002 1003 773066f-77306b2 997->1003 998->915 1002->915 1007 77306b4-77306b9 1003->1007 1008 77306be-7730701 1003->1008 1007->915 1012 7730703-7730708 1008->1012 1013 773070d-7730750 1008->1013 1012->915 1017 7730752-7730757 1013->1017 1018 773075c-773079f 1013->1018 1017->915 1022 77307a1-77307a6 1018->1022 1023 77307ab-77307ee 1018->1023 1022->915 1027 77307f0-77307f5 1023->1027 1028 77307f7-773083a 1023->1028 1027->915 1032 7730843 1028->1032 1033 773083c-7730841 1028->1033 1032->915 1033->915 1034->783 1035->783 1036->783 1037->793 1038->793
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $^q
                                                                        • API String ID: 0-388095546
                                                                        • Opcode ID: 1b73703679f02d5dcb7941dd10505f28b0da774ff50bf68ed39eb9c43186c57f
                                                                        • Instruction ID: 8c0eab5316f0f6cce58356598a1cc30ac58e8fdf2900542c82db0478920786da
                                                                        • Opcode Fuzzy Hash: 1b73703679f02d5dcb7941dd10505f28b0da774ff50bf68ed39eb9c43186c57f
                                                                        • Instruction Fuzzy Hash: DDB20874A00218DFCB55EF68D998AADBBF2FF88310F5085A9D40AAB355DB349D81CF41
                                                                        Function 078C2400 Relevance: 1.5, APIs: 1, Instructions: 5libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738205262.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_78c0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: c44d3e3974ae102d838773c7750a7e6bdba2e4f295932b5b30091b6ff74c6737
                                                                        • Instruction ID: fed8433e587c4d03b77c897f9a3cd7dc30e0d096e3a1150d28530aa6b55c4dc9
                                                                        • Opcode Fuzzy Hash: c44d3e3974ae102d838773c7750a7e6bdba2e4f295932b5b30091b6ff74c6737
                                                                        • Instruction Fuzzy Hash: 4E90023508560C8B4550379574099957B9C954453AB904052A50D415456A5968504595
                                                                        Function 0040CBF7 Relevance: 21.1, APIs: 14, Instructions: 78COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 156 40cbf7-40cc06 157 40cc08-40cc14 156->157 158 40cc2f 156->158 157->158 159 40cc16-40cc1d 157->159 160 40cc33-40cc3d call 40d534 158->160 159->158 161 40cc1f-40cc2d 159->161 164 40cc47-40cc4e call 41087e 160->164 165 40cc3f-40cc46 call 40cbb4 160->165 161->160 170 40cc50-40cc57 call 40cbb4 164->170 171 40cc58-40cc68 call 4129c9 call 411a15 164->171 165->164 170->171 178 40cc72-40cc8e GetCommandLineA call 412892 call 4127d7 171->178 179 40cc6a-40cc71 call 40e79a 171->179 186 40cc90-40cc97 call 40e79a 178->186 187 40cc98-40cc9f call 41255f 178->187 179->178 186->187 192 40cca1-40cca8 call 40e79a 187->192 193 40cca9-40ccb3 call 40e859 187->193 192->193 198 40ccb5-40ccbb call 40e79a 193->198 199 40ccbc-40cce2 call 4019f0 193->199 198->199 204 40cce4-40cce5 call 40ea0a 199->204 205 40ccea-40cd2e call 40ea36 call 40e21d 199->205 204->205
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__mtinit__setargv__setenvp
                                                                        • String ID:
                                                                        • API String ID: 2598563909-0
                                                                        • Opcode ID: 2d668fad8e0b173589b4563f5a4f7b2cb6976b6486fb72b9956ee4840b6c9fb0
                                                                        • Instruction ID: 67c2b95978a5c3de314e94e7eee78366e8702871eb07600154e5c77a41a3d030
                                                                        • Opcode Fuzzy Hash: 2d668fad8e0b173589b4563f5a4f7b2cb6976b6486fb72b9956ee4840b6c9fb0
                                                                        • Instruction Fuzzy Hash: 5321E770A05304DAFB207BB3E98676932B46F00309F00453FE508B62D2EB7C89918A5C
                                                                        Function 09545F82 Relevance: 9.1, Strings: 7, Instructions: 309COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 212 9545f82-9545f89 213 9545fde-9545fe1 212->213 214 9545f8b-9545f8d 212->214 215 9546057 213->215 216 9545fe2 213->216 217 9545f8f-9545faa 214->217 218 9545fab-9545fb1 214->218 221 9546013-9546014 215->221 222 9546058-9546068 215->222 219 9545ff1-9545ff7 216->219 220 9545fe3-9545feb 216->220 217->218 324 9545fb7 call 9546280 218->324 325 9545fb7 call 9545f82 218->325 225 95460ba-95460c6 219->225 223 9545fd5-9545fd8 220->223 224 9545fec-9545fee 220->224 221->225 227 9546016-954601b 221->227 239 9546265-9546271 222->239 240 954606e-9546088 222->240 230 9545fd9-9545fdc 223->230 224->219 322 95460cc call 9546280 225->322 323 95460cc call 9545f82 225->323 226 9545fbd-9545fbf 231 9545fc1-9545fc5 226->231 232 9545ffc-9546000 226->232 228 9546005-9546012 227->228 229 954601d-954601e 227->229 228->221 234 9546020-9546026 229->234 235 9546029-954602d 229->235 230->213 231->230 238 9545fc7-9545fd3 231->238 232->228 234->235 241 9546050 235->241 242 954602f-9546038 235->242 237 95460d2-95460d4 244 95460d6-95460da 237->244 245 9546108-9546120 237->245 238->223 259 95462c6-95462c9 239->259 260 9546273-9546275 239->260 240->225 256 954608a-954608e 240->256 250 9546053 241->250 248 954603f-954604c 242->248 249 954603a-954603d 242->249 252 95460e5-95460ee 244->252 253 95460dc-95460e2 244->253 262 95461c6-95461d5 245->262 265 9546126-954612a 245->265 257 954604e 248->257 249->257 250->215 254 95460f0-95460f3 252->254 255 95460fd-9546103 252->255 253->252 254->255 255->262 256->239 261 9546094-95460af 256->261 257->250 263 95462ca-95462d1 259->263 260->263 266 9546277-95462b7 260->266 295 95460b5 261->295 296 95460b1-95460b3 261->296 320 95461db call 9546280 262->320 321 95461db call 9545f82 262->321 267 9546305-9546309 263->267 268 9546135-9546139 265->268 269 954612c-9546132 265->269 283 95462d3-95462d6 266->283 284 95462b9-95462c5 266->284 275 9546314 267->275 276 954630b 267->276 273 954615c 268->273 274 954613b-9546144 268->274 269->268 271 95461e1-95461e3 279 95461e5-95461e9 271->279 280 9546242-9546264 271->280 278 954615f-9546174 273->278 281 9546146-9546149 274->281 282 954614b-9546158 274->282 289 9546315 275->289 276->275 278->239 298 954617a-9546194 278->298 285 95461f4-95461f8 279->285 286 95461eb-95461f1 279->286 288 954615a 281->288 282->288 291 95462dd-9546303 283->291 284->259 292 95461fa-9546203 285->292 293 954621b 285->293 286->285 288->278 289->289 291->267 299 9546205-9546208 292->299 300 954620a-9546217 292->300 302 954621e-9546236 293->302 301 95460b8 295->301 296->301 298->262 309 9546196-954619a 298->309 303 9546219 299->303 300->303 301->225 312 954623c 302->312 313 9546238-954623a 302->313 303->302 309->239 311 95461a0-95461bb 309->311 317 95461c1 311->317 318 95461bd-95461bf 311->318 314 954623f 312->314 313->314 314->280 319 95461c4 317->319 318->319 319->262 320->271 321->271 322->237 323->237 324->226 325->226
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `Q^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                        • API String ID: 0-348381173
                                                                        • Opcode ID: 2dbe73a86e7d2fd275db71e9216e61c561c155920c2089d1a17b14972b47771e
                                                                        • Instruction ID: 52ae5611d08a08bbbf54974c5035666583073eff30e051b079b582e3291ccca0
                                                                        • Opcode Fuzzy Hash: 2dbe73a86e7d2fd275db71e9216e61c561c155920c2089d1a17b14972b47771e
                                                                        • Instruction Fuzzy Hash: 45C1DF30E05209DFCB55CFA6C5487AEBBF1BF4A308F158569E405EB250D7359C45CBA1
                                                                        Function 0954B000 Relevance: 6.4, Strings: 5, Instructions: 170COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 326 954b000-954b042 331 954b117-954b13c 326->331 332 954b048-954b04f 326->332 348 954b143-954b168 331->348 333 954b096-954b09e 332->333 334 954b051-954b062 332->334 335 954b0a0-954b0b5 333->335 336 954b0c3-954b10d 333->336 370 954b064 call 954b000 334->370 371 954b064 call 954aff1 334->371 335->348 349 954b0bb-954b0c2 335->349 358 954b16f-954b1f5 336->358 359 954b10f-954b116 336->359 342 954b06a-954b06e 344 954b070-954b08a 342->344 345 954b08c-954b095 342->345 344->345 348->358 367 954b1f7 358->367 368 954b1fd-954b208 358->368 367->368 372 954b20a call 78c2658 368->372 373 954b20a call 78c25d8 368->373 374 954b20a call 78c25d3 368->374 369 954b20f-954b212 370->342 371->342 372->369 373->369 374->369
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq$(bq$(bq$(bq$saWi^
                                                                        • API String ID: 0-1470460452
                                                                        • Opcode ID: 4de4627f9acb58cbbfac51d1a17ba469874dddc135888c02ea11bf54ceff476a
                                                                        • Instruction ID: 1919a4e089bb99d73777df5b72c44a93eef70e6725aa435d5025cd489e4626d8
                                                                        • Opcode Fuzzy Hash: 4de4627f9acb58cbbfac51d1a17ba469874dddc135888c02ea11bf54ceff476a
                                                                        • Instruction Fuzzy Hash: BC518A31B402059FC7599B7AD8586AEBBF6FFC9311B14852AD41AD7350DF34A8428B90
                                                                        Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 375 4018f0-4018fa 376 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 375->376 377 4018fc-401900 375->377 380 401940-401949 GetLastError 376->380 381 401996-40199a 376->381 382 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 380->382 383 40198d-40198f 380->383 382->383 383->381 385 401991 call 401030 383->385 385->381
                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 00401906
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                        • GetLastError.KERNEL32 ref: 00401940
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                        • String ID:
                                                                        • API String ID: 3322701435-0
                                                                        • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                        • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                        • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                        • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                        Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 388 40af66-40af6e 389 40af7d-40af88 call 40b84d 388->389 392 40af70-40af7b call 40d2e3 389->392 393 40af8a-40af8b 389->393 392->389 396 40af8c-40af98 392->396 397 40afb3-40afca call 40af49 call 40cd39 396->397 398 40af9a-40afb2 call 40aefc call 40d2bd 396->398 398->397
                                                                        APIs
                                                                        • _malloc.LIBCMT ref: 0040AF80
                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                          • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                        • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                        • String ID:
                                                                        • API String ID: 1411284514-0
                                                                        • Opcode ID: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
                                                                        • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                        • Opcode Fuzzy Hash: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
                                                                        • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                        Function 0040E7EE Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 671 40e7ee-40e7f6 call 40e7c3 673 40e7fb-40e7ff ExitProcess 671->673
                                                                        APIs
                                                                        • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                          • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                          • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                          • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                        • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                        • String ID:
                                                                        • API String ID: 2427264223-0
                                                                        • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                        • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                                                                        • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                        • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                                                                        Function 076FE170 Relevance: 2.6, Strings: 2, Instructions: 57COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 674 76fe170-76fe17c 675 76fe17e-76fe180 674->675 676 76fe1a0-76fe1c5 674->676 677 76fe1cc-76fe28c 675->677 678 76fe182-76fe191 675->678 676->677 684 76fe199-76fe19f 678->684
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq$(bq
                                                                        • API String ID: 0-4224401849
                                                                        • Opcode ID: 862df917a1183dade9ded7933ac87c9a54537941a5a811b322ae01c76401ff9d
                                                                        • Instruction ID: c9098838e86d57d832b33d201ccac2456972b3ec878347b99d79fff11463a639
                                                                        • Opcode Fuzzy Hash: 862df917a1183dade9ded7933ac87c9a54537941a5a811b322ae01c76401ff9d
                                                                        • Instruction Fuzzy Hash: 42012879B091A11FE3072A7E181412F6FD7EFD765039540BBC60AC7381CC259D0A8796
                                                                        Function 0954EA69 Relevance: 2.5, Strings: 2, Instructions: 48COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 689 954ea69-954ea72 690 954ea74-954ea79 689->690 691 954ea7b-954ea86 689->691 690->691 693 954ea8f-954eac1 691->693 694 954ea88 691->694 698 954eac3 693->698 699 954eaca-954eaee 693->699 694->693 698->699 702 954eaf5-954eaf7 call 954eb70 699->702 703 954eafd-954eb00 702->703
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #AWi^$3AWi^
                                                                        • API String ID: 0-4012816523
                                                                        • Opcode ID: e649f5e3e314f0b7b0fd06da2205b9d2590f406a4b86ae50d7abf93bcaadef9f
                                                                        • Instruction ID: 12c30d764118326ca50dfdcf1c434f388d794ea1456cee64c97c05726dd2915b
                                                                        • Opcode Fuzzy Hash: e649f5e3e314f0b7b0fd06da2205b9d2590f406a4b86ae50d7abf93bcaadef9f
                                                                        • Instruction Fuzzy Hash: 1101847060060ADBC616AB36D416BAEB797BFC1318F008479D01A8B340DF34A84ACBD0
                                                                        Function 0954EA78 Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 705 954ea78-954ea86 707 954ea8f-954eac1 705->707 708 954ea88 705->708 712 954eac3 707->712 713 954eaca-954eaf7 call 954eb70 707->713 708->707 712->713 717 954eafd-954eb00 713->717
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #AWi^$3AWi^
                                                                        • API String ID: 0-4012816523
                                                                        • Opcode ID: 8de939fbc01c296330af6be4263232ab8d22ac1f130f731dd80e2f8a5039cb9b
                                                                        • Instruction ID: 53cc207ec61ac12ae4eb20081b77dfa9b1f48ac06180e3a60796697b803aa994
                                                                        • Opcode Fuzzy Hash: 8de939fbc01c296330af6be4263232ab8d22ac1f130f731dd80e2f8a5039cb9b
                                                                        • Instruction Fuzzy Hash: F301A73060060ADFC615AB3AD415B6EB796FFC1714F00847CC01A9B340DF34A84ACBD4
                                                                        Function 0290DCD8 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 1156 290dcd8-290dd59 VirtualProtect 1159 290dd62-290dd87 1156->1159 1160 290dd5b-290dd61 1156->1160 1160->1159
                                                                        APIs
                                                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 0290DD4C
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2734337716.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2900000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: ProtectVirtual
                                                                        • String ID:
                                                                        • API String ID: 544645111-0
                                                                        • Opcode ID: 2c376a20914eeae1a8b4b06f50d713310bb6473d6e5a944be343f5e5a9a72656
                                                                        • Instruction ID: 6cbeaa5e39a1394184af0957b0d7b5042b801c8d3d3770a1833f607469faf47f
                                                                        • Opcode Fuzzy Hash: 2c376a20914eeae1a8b4b06f50d713310bb6473d6e5a944be343f5e5a9a72656
                                                                        • Instruction Fuzzy Hash: 5C11F7B1D002499FCB20DFAAC484BDEFBF4EF48324F14842AD459A7250C7759944CFA5
                                                                        Function 00401870 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                        • SysAllocString.OLEAUT32 ref: 00401898
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: AllocString_malloc
                                                                        • String ID:
                                                                        • API String ID: 959018026-0
                                                                        • Opcode ID: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                        • Instruction ID: c2922591c351a4c461934d9b8210169c8be4224f150a02a6988c85a72df9e820
                                                                        • Opcode Fuzzy Hash: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                        • Instruction Fuzzy Hash: BEF02073501322A7E3316B658841B47B6E8DF80B28F00823FFD44BB391D3B9C85082EA
                                                                        Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: CreateHeap
                                                                        • String ID:
                                                                        • API String ID: 10892065-0
                                                                        • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                        • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                        • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                        • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                        Function 078C23F0 Relevance: 1.5, APIs: 1, Instructions: 13libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738205262.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_78c0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 95f711600c9a94d08a6be90bef9c0c71981f0c906a198d215348dd021bc98379
                                                                        • Instruction ID: f69ebbe5a170628de0289c7c7143e7d9a5b6bbe31c18dde936475a26721487da
                                                                        • Opcode Fuzzy Hash: 95f711600c9a94d08a6be90bef9c0c71981f0c906a198d215348dd021bc98379
                                                                        • Instruction Fuzzy Hash: A2D08CB404938BCFC3032BA1B4212C07FB8AE221243100093E498CF182EB399866CB61
                                                                        Function 0040EA0A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _doexit.LIBCMT ref: 0040EA16
                                                                          • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                        • String ID:
                                                                        • API String ID: 1597249276-0
                                                                        • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                        • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                                                                        • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                        • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                                                                        Function 0040AD50 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _malloc.LIBCMT ref: 0040AD5A
                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap_malloc
                                                                        • String ID:
                                                                        • API String ID: 501242067-0
                                                                        • Opcode ID: 3374a06f9b3d2d068d2f82a32e0eba00299d11aef8e131c065cca21440f1d622
                                                                        • Instruction ID: 1d107a11a906ec6b97ad05ef89e0782f1ba8d3b6ff8f86867a68f26e47426dd2
                                                                        • Opcode Fuzzy Hash: 3374a06f9b3d2d068d2f82a32e0eba00299d11aef8e131c065cca21440f1d622
                                                                        • Instruction Fuzzy Hash: 8DB012B7804201ABC504E650E58680BB7DCEAE0200F81C879F04886070D338E504874B
                                                                        Function 09545CC8 Relevance: 1.5, Strings: 1, Instructions: 211COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: rAl
                                                                        • API String ID: 0-89273883
                                                                        • Opcode ID: feaf26e7e271313dcdc9b69dfc745355637cb54c5fa7e6a075c831180765fa26
                                                                        • Instruction ID: 310f85c5ae92c5feefa13f7b559d867e1e15b3322e9997b4185d688b3607a8f2
                                                                        • Opcode Fuzzy Hash: feaf26e7e271313dcdc9b69dfc745355637cb54c5fa7e6a075c831180765fa26
                                                                        • Instruction Fuzzy Hash: 2061666548E7D12FE7039B389C762863F70AE13618B0E41EBD4C0CF0A3E658584EC76A
                                                                        Function 076F11D8 Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Deq
                                                                        • API String ID: 0-948982800
                                                                        • Opcode ID: ebb24f1d154a73367f4e4f89de75648f694dcb3071d623bd9182d00ce6049606
                                                                        • Instruction ID: ffb7f59db72189159728c274fce6f763f7bc4804a507db879f4145ae76c237c9
                                                                        • Opcode Fuzzy Hash: ebb24f1d154a73367f4e4f89de75648f694dcb3071d623bd9182d00ce6049606
                                                                        • Instruction Fuzzy Hash: E871F1B0600204DFC729EF29D544A5EBBF2FF89360F218569D4069B3A1DB35EC45CB91
                                                                        Function 076F8ACF Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te^q
                                                                        • API String ID: 0-671973202
                                                                        • Opcode ID: ee69d0bdc805f389895e0324ca2e4e69aa118af01959abf1b305602ae9eb23f9
                                                                        • Instruction ID: a8da2ac01893a3ea8f24ac3934dd11f8da35be845687c94becf6895ab427110d
                                                                        • Opcode Fuzzy Hash: ee69d0bdc805f389895e0324ca2e4e69aa118af01959abf1b305602ae9eb23f9
                                                                        • Instruction Fuzzy Hash: 5D51C6F161A753CFDB026B3C98683A93BB1EB46310F1508E7C243DB296D678498AC756
                                                                        Function 07732237 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TJcq
                                                                        • API String ID: 0-1911830065
                                                                        • Opcode ID: 74d758ad797160889f6cd46ddc389723e795d0bdbebd3f12b1705f62e4c12104
                                                                        • Instruction ID: ac48186a606f189bbb969231aee1d0286259fa311cfc9f8f38b363cdc59c6dfe
                                                                        • Opcode Fuzzy Hash: 74d758ad797160889f6cd46ddc389723e795d0bdbebd3f12b1705f62e4c12104
                                                                        • Instruction Fuzzy Hash: CC51D3B53081009FD716AB68D418B6E7BE2EFCD360F1540B9D50ACB386CE799C468BD2
                                                                        Function 076F8B48 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te^q
                                                                        • API String ID: 0-671973202
                                                                        • Opcode ID: 64beccd0f55dbdd95330c19a77791831268b3225bc8f86daa3b797c431f79af6
                                                                        • Instruction ID: 38a04f9d83652fbb4fa0e8d55208b2170b88981762cfaf23f4ba4725d58d166f
                                                                        • Opcode Fuzzy Hash: 64beccd0f55dbdd95330c19a77791831268b3225bc8f86daa3b797c431f79af6
                                                                        • Instruction Fuzzy Hash: 2141D5B0715607DFDB14AF78E85D3AD76A2EB49311F1408E6D207EB394CB784982CB46
                                                                        Function 083A2858 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: DjBl
                                                                        • API String ID: 0-4130954868
                                                                        • Opcode ID: 30ba8de538f1137504f4a218531305d4c4abeba55c56dcbf94df78d52e8b0f0f
                                                                        • Instruction ID: f4d543a33ac2dd8973f1bab28d6fc33d8bde95443a10fc8611ade90008faa132
                                                                        • Opcode Fuzzy Hash: 30ba8de538f1137504f4a218531305d4c4abeba55c56dcbf94df78d52e8b0f0f
                                                                        • Instruction Fuzzy Hash: 19416C31D14A0ACECB01EBB8C4445BEB7B8EFC5341F01866ED88AB7611FB3495958B95
                                                                        Function 09547D38 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq
                                                                        • API String ID: 0-149360118
                                                                        • Opcode ID: e9515b5fcbc4a3946204ea9def6c4a04edafb5ce5968eacbabdef1c9d0a67fc9
                                                                        • Instruction ID: 41ae8ebe6e094e3b479e330ec792521e49ded59107387f0a9761d315707de550
                                                                        • Opcode Fuzzy Hash: e9515b5fcbc4a3946204ea9def6c4a04edafb5ce5968eacbabdef1c9d0a67fc9
                                                                        • Instruction Fuzzy Hash: A6212C757093515FD35A9B3ACC5075A7FEAEF86260B1980AAE405CB352DB349C0587A0
                                                                        Function 0954C0B0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8bq
                                                                        • API String ID: 0-187764589
                                                                        • Opcode ID: 39a0951dc93631dbe574d3d9e1a39ce370a623b6240f770a5f6a34c1192e0b79
                                                                        • Instruction ID: 75eb62614a9a06f84d02be16ad9d51ab4b03fa2b499cf5cf89d8de4c2073b9ce
                                                                        • Opcode Fuzzy Hash: 39a0951dc93631dbe574d3d9e1a39ce370a623b6240f770a5f6a34c1192e0b79
                                                                        • Instruction Fuzzy Hash: 2A217971B042198BDB05DFA9D944AEEBBB2FBC8314F0441A9D489B7380DB389C45CBE0
                                                                        Function 0954AFF1 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq
                                                                        • API String ID: 0-149360118
                                                                        • Opcode ID: 149e25102f1b4558c826f8d1ca80833de07c2aaffdf3521abed2971cb5ecf769
                                                                        • Instruction ID: ff34c99b2b89ebfae883c4ee0f80fd6f6c06d4c24de8b0d46e37d83a243a0d42
                                                                        • Opcode Fuzzy Hash: 149e25102f1b4558c826f8d1ca80833de07c2aaffdf3521abed2971cb5ecf769
                                                                        • Instruction Fuzzy Hash: FA118C30A052029FC759DB6AD8482AEBBF6FF88310F14857AD42AD3350EB30ED458BD1
                                                                        Function 0290DEA8 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2734337716.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2900000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle
                                                                        • String ID:
                                                                        • API String ID: 2962429428-0
                                                                        • Opcode ID: df40e9d619ff98a77bd8d83ee19f510d3e79b9518fb1425be6c2878d4684bb31
                                                                        • Instruction ID: 179b00213e7ed8e56da87e840cf9bf14e51fc5c6db9d17175efef5afcc68f194
                                                                        • Opcode Fuzzy Hash: df40e9d619ff98a77bd8d83ee19f510d3e79b9518fb1425be6c2878d4684bb31
                                                                        • Instruction Fuzzy Hash: A81125B19003488FCB20DFAAC4457EEFBF4EB88324F24842AD559A7254CB75A944CFA4
                                                                        Function 083A08E2 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $^q
                                                                        • API String ID: 0-388095546
                                                                        • Opcode ID: b6a5a2c05dc179b1f2b20e8b092b7429457b0932d1ebe39bb85b188aa3838f13
                                                                        • Instruction ID: 9991e8e16f02fd9c2649417bee07e6e429f167da72917ae400e66b1b88cd9a9f
                                                                        • Opcode Fuzzy Hash: b6a5a2c05dc179b1f2b20e8b092b7429457b0932d1ebe39bb85b188aa3838f13
                                                                        • Instruction Fuzzy Hash: 0F0149347092456FDB1A566D58A067F2BBBABC6220B04006FC408DB296CD705C0A83B6
                                                                        Function 083A08F0 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $^q
                                                                        • API String ID: 0-388095546
                                                                        • Opcode ID: 3febd2d7625b001b0906ed4b4459564da6ad479bbffd9382dac5cb2f9d05bab6
                                                                        • Instruction ID: 58eb8af30164b5510134aef38f80a2ded87b46e2205bb42724d182779d4964af
                                                                        • Opcode Fuzzy Hash: 3febd2d7625b001b0906ed4b4459564da6ad479bbffd9382dac5cb2f9d05bab6
                                                                        • Instruction Fuzzy Hash: 67F0F6357041156BEB1856AA686067F72EFEBC4621F00442EC40CD7384DD71AC0642A6
                                                                        Function 0954B490 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #aWi^
                                                                        • API String ID: 0-459245276
                                                                        • Opcode ID: 49182f613c61c1b64ab5a1ccaf92efe20e1583ec8643b0531775235b24296942
                                                                        • Instruction ID: d96b6949dd950047fd70f40cb3be38bcf4f50ee57e9e263d100f566de986f918
                                                                        • Opcode Fuzzy Hash: 49182f613c61c1b64ab5a1ccaf92efe20e1583ec8643b0531775235b24296942
                                                                        • Instruction Fuzzy Hash: 6BC04C7190421867CB14595A98059477EACDB867A0F054135B84857340D670A90485E5
                                                                        Function 09543E83 Relevance: .3, Instructions: 295COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1533e19d53d88fdd8bad975827bdf8e40634cbb11c349266348c8d0a383d6dd2
                                                                        • Instruction ID: 734fded02d156c1afa15872e2e973865d82df0a9e87520f330845cc02206e97d
                                                                        • Opcode Fuzzy Hash: 1533e19d53d88fdd8bad975827bdf8e40634cbb11c349266348c8d0a383d6dd2
                                                                        • Instruction Fuzzy Hash: 8DC1A974645108DFEB51EF29D5087AE77F2FB88359F518465E002EB3A8DB388C85CB92
                                                                        Function 076F7AE1 Relevance: .2, Instructions: 215COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e95f20cd6e12b5800b27af3af95dc8c757cb57d97c8d72b016b551db3c63b08d
                                                                        • Instruction ID: 93db9e56fa96d38fca73c45b24c79bc6fd44a55b46b7ca5a65acdca1e8dfcd57
                                                                        • Opcode Fuzzy Hash: e95f20cd6e12b5800b27af3af95dc8c757cb57d97c8d72b016b551db3c63b08d
                                                                        • Instruction Fuzzy Hash: 3B81ADB0A14109DFEB24DF64E4587EDBBF1FB0A311F908866E603A7384D7788981CB51
                                                                        Function 076F7AF0 Relevance: .2, Instructions: 210COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9f4388ad6eb5ef33d5776562b9149ed7da28ef0e6a1684625435671361677f05
                                                                        • Instruction ID: 3d2843a2dfad79b7033e19632262941c9aab37a3b10ba0a05a1b1f648406c4db
                                                                        • Opcode Fuzzy Hash: 9f4388ad6eb5ef33d5776562b9149ed7da28ef0e6a1684625435671361677f05
                                                                        • Instruction Fuzzy Hash: F1819CB0A14109DFEB24DF68E4587ADBBF1FB0A311F908866E603A7384D7788981CB51
                                                                        Function 076F7D45 Relevance: .2, Instructions: 192COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b9e9f92de8bb7ecb825027438e0a4300478864953f5d6ce381bab7fa6b8c79e8
                                                                        • Instruction ID: bec44657bd98d8fbbf316a3bd0f6e1d85e481c85fd396c2a284890801217224b
                                                                        • Opcode Fuzzy Hash: b9e9f92de8bb7ecb825027438e0a4300478864953f5d6ce381bab7fa6b8c79e8
                                                                        • Instruction Fuzzy Hash: A7718DB0A14109DFEB24DF64E4587ADBBF1FB0A311F908866E603E7284D7B88985CF51
                                                                        Function 076F7C74 Relevance: .2, Instructions: 192COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ce80b3831f4ecbf0eb2249c512b3d2206677949800688bca7b2b3bf53e14c755
                                                                        • Instruction ID: e894a5649f8bf4a018a19358fcd8c34f2673f156c8d2baa79ccc2b36430b6a53
                                                                        • Opcode Fuzzy Hash: ce80b3831f4ecbf0eb2249c512b3d2206677949800688bca7b2b3bf53e14c755
                                                                        • Instruction Fuzzy Hash: 15718CB0A14109DFEB24DF64E4587ADBBF1FB0A311F908866E603E7284D7B88985CF51
                                                                        Function 0954C830 Relevance: .2, Instructions: 189COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f6b094e7b0c7a263d7c7f6512bc226b482c6d4a0e33e4001dae05e49dc4b9106
                                                                        • Instruction ID: 3a2730c6e36a4389b77c4cb51bef09ec5f2e6ec3843000018d2913239abd3358
                                                                        • Opcode Fuzzy Hash: f6b094e7b0c7a263d7c7f6512bc226b482c6d4a0e33e4001dae05e49dc4b9106
                                                                        • Instruction Fuzzy Hash: 83719B71A06218CFDB40DF6AD444BE9BBF1FB89318F058565E482E7395C7349C85CB92
                                                                        Function 083A1870 Relevance: .2, Instructions: 183COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2e6ff0659511d70053d2d238cb3991678d51446d51a7fce184a6005e1e6e1031
                                                                        • Instruction ID: ada07934b2250b631fe379259fba6b0b49a21d968febccf7d526020352db0d2b
                                                                        • Opcode Fuzzy Hash: 2e6ff0659511d70053d2d238cb3991678d51446d51a7fce184a6005e1e6e1031
                                                                        • Instruction Fuzzy Hash: 6B810D306486469FDB08EB74FB688657B66FBC4340B108775C4460B79ECB39AC46CBD1
                                                                        Function 083A1880 Relevance: .2, Instructions: 177COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: afd575089d9d9bd291825b3e17d460b66b0a3062657d6ab47c2eef73bd35a584
                                                                        • Instruction ID: 25cc887fd9e68ca483a087a28a385afa4ac3d6bc17759f3d25c5672308628541
                                                                        • Opcode Fuzzy Hash: afd575089d9d9bd291825b3e17d460b66b0a3062657d6ab47c2eef73bd35a584
                                                                        • Instruction Fuzzy Hash: 3181EB306486469FDB08EB74FB688657B66FBC4344B108775C5060B79ECB39AC86CBD1
                                                                        Function 09545960 Relevance: .2, Instructions: 156COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 161f0f749b00c89b7789ad64a722c8096f581ce3696ff7f02c7554127bc6d2c4
                                                                        • Instruction ID: 010a8ac9d1bed8546b37dedec57e4ac507e2422663787536dffa51ea705a00e3
                                                                        • Opcode Fuzzy Hash: 161f0f749b00c89b7789ad64a722c8096f581ce3696ff7f02c7554127bc6d2c4
                                                                        • Instruction Fuzzy Hash: AB512531608742CBD720DF20D444BAAFBA1FFD5304F424A99E4D89B1A4DB31E9A9C783
                                                                        Function 076F9945 Relevance: .2, Instructions: 154COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c88b572a9f43ca20638bb53be48f5abe0b00c6f1416c6430d615124a7b2b778f
                                                                        • Instruction ID: 2209e4b382672db4300a6d5d8312ccd203cea13527d76d79afecca6d655222c0
                                                                        • Opcode Fuzzy Hash: c88b572a9f43ca20638bb53be48f5abe0b00c6f1416c6430d615124a7b2b778f
                                                                        • Instruction Fuzzy Hash: A8419C9664EBC26FE30357286C723C57F71AF5362AF4E41C7D5808B5D3E708680A83A2
                                                                        Function 09548BBD Relevance: .1, Instructions: 145COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4f97f3427526175cb250f9ee51b9de0794d6264fc4e23098f3aff844265ef596
                                                                        • Instruction ID: 2cf30d721d27ec3b176a2d4b861b263ba1b570a9c44edfcbec07ba2a683f274e
                                                                        • Opcode Fuzzy Hash: 4f97f3427526175cb250f9ee51b9de0794d6264fc4e23098f3aff844265ef596
                                                                        • Instruction Fuzzy Hash: 5C519D7224E7D19FD3039B38ADA16857F70EF63604F0A42DBD081CF1A3D6686949C7A6
                                                                        Function 09546D50 Relevance: .1, Instructions: 140COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1a73070ff1a0180bbd615b9d516298315bf80ea2a81e4b13715fb14933e2aa66
                                                                        • Instruction ID: 0dc99284c87061ad840fd3d122d9835dfe953c9a9ff053f90301e3cf3cf57cdd
                                                                        • Opcode Fuzzy Hash: 1a73070ff1a0180bbd615b9d516298315bf80ea2a81e4b13715fb14933e2aa66
                                                                        • Instruction Fuzzy Hash: 0C41D2B47086418B8749BF35E49863EBEE6FFC9704B044968E84AC7384DF38DC558B96
                                                                        Function 09546D40 Relevance: .1, Instructions: 132COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 762999ad86b44ca6a12d492d74d7b74945211e38effc668b26806256ce5f0683
                                                                        • Instruction ID: 34f4961d0f090fac459b109ecf56ecfa8a4ac30b95432d509cceab5bfcd389d5
                                                                        • Opcode Fuzzy Hash: 762999ad86b44ca6a12d492d74d7b74945211e38effc668b26806256ce5f0683
                                                                        • Instruction Fuzzy Hash: 7C41B4B47082418F8749AB25E49863E7FE6EFC9604B048568E849C7384DF34CC458796
                                                                        Function 095446C0 Relevance: .1, Instructions: 123COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5889e452fb20eb3544d7e68da19ae13c0094498bc4b662d75929b731dee56b0c
                                                                        • Instruction ID: 424485b0c9951e853822b4620368595188b7e4753f93ccabfb6909849ddf68f2
                                                                        • Opcode Fuzzy Hash: 5889e452fb20eb3544d7e68da19ae13c0094498bc4b662d75929b731dee56b0c
                                                                        • Instruction Fuzzy Hash: 9B412730A40148DFCB55EF69D4447AE77F2FB8A358F14456AD002EB394CBB59C868BA2
                                                                        Function 076F77F8 Relevance: .1, Instructions: 117COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 87638c4b9276e37064722af595bb2d18fd420a251d3d298b516d6a48aacb857f
                                                                        • Instruction ID: 5d6e29815c90de71197640e91d4da4681c9e9f6c11334a7079cbf9eb5d27acf0
                                                                        • Opcode Fuzzy Hash: 87638c4b9276e37064722af595bb2d18fd420a251d3d298b516d6a48aacb857f
                                                                        • Instruction Fuzzy Hash: F031F4B07042056FD316A738E41876E36D2EB89324FD0887DE227CB781DAB89D46C792
                                                                        Function 095446D0 Relevance: .1, Instructions: 116COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1799c4c7ed10f0bdf11ce72fe29efce4bbbcfbd27e7c8382d8414afef6be93b2
                                                                        • Instruction ID: cdb2d53b0cb8a4306572537f22993ce4bf15e37f80c5475172f1d6a6fc428dca
                                                                        • Opcode Fuzzy Hash: 1799c4c7ed10f0bdf11ce72fe29efce4bbbcfbd27e7c8382d8414afef6be93b2
                                                                        • Instruction Fuzzy Hash: B0412730B40148DFCB51EF69D4443AD77F2FB8A358F14456AD002EB394CBB59C868BA2
                                                                        Function 09545648 Relevance: .1, Instructions: 115COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c80c487a07c8d3b0adf0bc51e9b875ff5bc91474381c04d7858fae6fb1e0fed4
                                                                        • Instruction ID: 048ce6ec0ef42d6075ba291852abe938419460c7d50e63e44b33bd7b6f5d2343
                                                                        • Opcode Fuzzy Hash: c80c487a07c8d3b0adf0bc51e9b875ff5bc91474381c04d7858fae6fb1e0fed4
                                                                        • Instruction Fuzzy Hash: 0F413F71204204AFC70AAB75D88479FB7A6FF85304F948A78E40A4F258EB75E8498B90
                                                                        Function 095498F8 Relevance: .1, Instructions: 112COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2fa4abf12674b18d0cb3dc93e5547e8d7285b402ad9a2ed315c0f8c620d44dd6
                                                                        • Instruction ID: 8c0a39d1f54c8f637bfde5f43058c89780ace0fc27bfe57bc6f0712bb78a650f
                                                                        • Opcode Fuzzy Hash: 2fa4abf12674b18d0cb3dc93e5547e8d7285b402ad9a2ed315c0f8c620d44dd6
                                                                        • Instruction Fuzzy Hash: B93106367082045FD716EA79A851AAF779AEFE0358B50843ED606CB348DF71EC4887D1
                                                                        Function 0954BE08 Relevance: .1, Instructions: 105COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ab3124715f41a5f3b463273df2e6ecb1b0022744798f75332f8b7070b9b07b8a
                                                                        • Instruction ID: 4d34b695f969b327b5dd7b99746439034c992fdac2738f171e7efde565627ef3
                                                                        • Opcode Fuzzy Hash: ab3124715f41a5f3b463273df2e6ecb1b0022744798f75332f8b7070b9b07b8a
                                                                        • Instruction Fuzzy Hash: 1B319170B001098FDB459B79D1542AE7AA6EFC4308F1048B8D949EB384EF35CD468BD1
                                                                        Function 0954AECA Relevance: .1, Instructions: 98COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ab44b0bf3565f8aff570f5c261bbfa583ef442d78a21fe757023c4d5d5c56660
                                                                        • Instruction ID: f2f7333c7711c53bfd2387901d6cd8b72dbe02af9945a690f5c1f05d2bb46d1c
                                                                        • Opcode Fuzzy Hash: ab44b0bf3565f8aff570f5c261bbfa583ef442d78a21fe757023c4d5d5c56660
                                                                        • Instruction Fuzzy Hash: DA3110397411018FC755DF29E498ABABBE6EBC8311B15C86AF54AC7391CA30EC15CB60
                                                                        Function 0954581C Relevance: .1, Instructions: 94COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a5c8178dfbf4f546621152a18b3cae3e27f097ddde2c2341f26c1f59a6d70912
                                                                        • Instruction ID: f6b063437a8fe16f12ff96de54a1ab48626a4f4c7715c3e6c46c77a62207d998
                                                                        • Opcode Fuzzy Hash: a5c8178dfbf4f546621152a18b3cae3e27f097ddde2c2341f26c1f59a6d70912
                                                                        • Instruction Fuzzy Hash: BC413DB0D002589FCF54CFAAD585AEEBFF5BF48354F248429E809A7250DB349946CF91
                                                                        Function 076F8130 Relevance: .1, Instructions: 86COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d316cc00a11335c14012b3a69bdc5e955598d13a62739f3b5e7fba124d057ec9
                                                                        • Instruction ID: 01beb399adc95db6dd7ce523a99e1423d67ca7f940217c5e7986ab932134a11b
                                                                        • Opcode Fuzzy Hash: d316cc00a11335c14012b3a69bdc5e955598d13a62739f3b5e7fba124d057ec9
                                                                        • Instruction Fuzzy Hash: 15318EB1A00A06CFDB05DF65D948BEDBBB1AF49310F1485A9D602A73A1CB759941CB90
                                                                        Function 076F7581 Relevance: .1, Instructions: 83COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 78d759f53ab6efc0dc443a7d876cb693982a56be00b9e89e07bb20e6b1025bb4
                                                                        • Instruction ID: 4714cee1a56ff1bd21da74915011b50bd83e01f93185ede7c97ebc421e033221
                                                                        • Opcode Fuzzy Hash: 78d759f53ab6efc0dc443a7d876cb693982a56be00b9e89e07bb20e6b1025bb4
                                                                        • Instruction Fuzzy Hash: FF21A4B03446045FC716AB3C985876E77A6EF89310F904879E217CB744CF78DD458BA2
                                                                        Function 027CEBAC Relevance: .1, Instructions: 83COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e0b52344123f9446b54ffa3980e1511971f49260a38b945a41254eb6720e771c
                                                                        • Instruction ID: 79b4bf706a7251024a2c5cd273bd8660b959c26fcfee2efcb74065135bd96646
                                                                        • Opcode Fuzzy Hash: e0b52344123f9446b54ffa3980e1511971f49260a38b945a41254eb6720e771c
                                                                        • Instruction Fuzzy Hash: 1231E4B2101240EFDF169F64CAC4F26BF66FB88314F3485ADED0A4A21AC336D455DB61
                                                                        Function 09545828 Relevance: .1, Instructions: 83COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bd2872616cad28cff7c5e47017c478fdd10467fdbe44078975de2ee82fa935e5
                                                                        • Instruction ID: 1d1f556d3a4b94f21ef7ccdfc2ab75ecc3430d39b60863a86dac861f5104c997
                                                                        • Opcode Fuzzy Hash: bd2872616cad28cff7c5e47017c478fdd10467fdbe44078975de2ee82fa935e5
                                                                        • Instruction Fuzzy Hash: 593135B0D002589FCF54CFAAC580ADEBFF5BF48314F248429E948AB250DB349946CFA0
                                                                        Function 095442BA Relevance: .1, Instructions: 83COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 858701b5f85c779d543299a7f2078a7492e56d809618f126ca9481b9b6799333
                                                                        • Instruction ID: f459ee91e945f1aad7c5a4e20b0251e6c39ce906e19f72b2efcd3581ac80fad9
                                                                        • Opcode Fuzzy Hash: 858701b5f85c779d543299a7f2078a7492e56d809618f126ca9481b9b6799333
                                                                        • Instruction Fuzzy Hash: 8531AB747881189FD751FF68E01876E77A2FB88328F5185B5D106D73A8CB348C818BA2
                                                                        Function 027CEAB0 Relevance: .1, Instructions: 80COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b45b9210e9595725e470a9e2b231b970fe4d85dab68855c43994608167c5829b
                                                                        • Instruction ID: 4c3b09f564d655dddf61efa2775c48891c512076c5bfc9c25c7e92940805b736
                                                                        • Opcode Fuzzy Hash: b45b9210e9595725e470a9e2b231b970fe4d85dab68855c43994608167c5829b
                                                                        • Instruction Fuzzy Hash: 3721B5B2504200EFDF059F64D9C4F26BFA6FB88314F34C6ADE90A5A256C336D456CB61
                                                                        Function 027CD69C Relevance: .1, Instructions: 78COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4bbf9a2da025c538829300a67ccffae253ad271b7b0014b3aeb03ccc90aeacf5
                                                                        • Instruction ID: a531630de466af73175cf56f1de5a49babd2d1f7865641a7e546c4ecd24c6578
                                                                        • Opcode Fuzzy Hash: 4bbf9a2da025c538829300a67ccffae253ad271b7b0014b3aeb03ccc90aeacf5
                                                                        • Instruction Fuzzy Hash: 932105B5500240DFCB159F24CAC4B26BFA5FB88314F3081BDE9091A255C336D816CBA1
                                                                        Function 027BD164 Relevance: .1, Instructions: 77COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d5b703bf66a2553ab0d0029e4af752d7b2e9d97a7b1b18d7addbedb10c37a5fb
                                                                        • Instruction ID: 99a180577df4cb8be2187495974e2cbd91115bf13e52491b604e97fe3e7694f1
                                                                        • Opcode Fuzzy Hash: d5b703bf66a2553ab0d0029e4af752d7b2e9d97a7b1b18d7addbedb10c37a5fb
                                                                        • Instruction Fuzzy Hash: 7C2124B2900244DFCB16DF54D9C0BA7BFA6FF88314F24C269E9091A215C33AD416CBA1
                                                                        Function 027BD7C4 Relevance: .1, Instructions: 75COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 261dc2b14e36d47864fd7c2586cca842e1488e932d0d51c76a2953806bf993c1
                                                                        • Instruction ID: 7569fd2a579d6b819fcb835d5855a708533a565e2dbacbc9c800671396b8462d
                                                                        • Opcode Fuzzy Hash: 261dc2b14e36d47864fd7c2586cca842e1488e932d0d51c76a2953806bf993c1
                                                                        • Instruction Fuzzy Hash: 3F2142B1500200DFDF26DF14D9C1BA6BFA5FF88B24F20C179E8094B216C336D446CAA1
                                                                        Function 07730007 Relevance: .1, Instructions: 73COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 58c92eb199309e1d01f7326fd58f72bcaebfcaa8732ce448092eaa4c4112004f
                                                                        • Instruction ID: 0a6e191ca4bc3d0b487dfe078f5184e7f2d11369c919f3081e2bbe5f7623b190
                                                                        • Opcode Fuzzy Hash: 58c92eb199309e1d01f7326fd58f72bcaebfcaa8732ce448092eaa4c4112004f
                                                                        • Instruction Fuzzy Hash: BD21E0B09092889FE712DB74E4547DE7FB6EF46310F0441AAE085DB392DA790984CFA1
                                                                        Function 076FD188 Relevance: .1, Instructions: 73COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0c2f3b02d95e96a3a6a7f2022bbebb0fcdf8e007c903c6c0a27a4f25520e5677
                                                                        • Instruction ID: 9677895f40493513779f10d3520ccc64319d83bfd4e967e717fa973396227898
                                                                        • Opcode Fuzzy Hash: 0c2f3b02d95e96a3a6a7f2022bbebb0fcdf8e007c903c6c0a27a4f25520e5677
                                                                        • Instruction Fuzzy Hash: B92180783041049BD716BB38E46876E77A6EB89354F90843AD607C7388CB78AC49CB93
                                                                        Function 083A2617 Relevance: .1, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ca5eca5f347cf76325a3813f1adde0299170b870301231730970e38cac58d8e
                                                                        • Instruction ID: 2796dcb232d80fca83e060d6a10b61e5d99409853e6de64a0f6d63127c3d461f
                                                                        • Opcode Fuzzy Hash: 6ca5eca5f347cf76325a3813f1adde0299170b870301231730970e38cac58d8e
                                                                        • Instruction Fuzzy Hash: 9311B131B051049FCB05DBB998406AFBBFAEBCD255B14047AD509D7364EF788D0687A1
                                                                        Function 027CD01C Relevance: .1, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 118923463b8c9b302c3c72ccd6a50ba1489dd2fe432f85d8bb82882a8592f441
                                                                        • Instruction ID: f4d24597b7b8b52510846629035cbf8697838fbb2bd1ec27eaf8b826233305fa
                                                                        • Opcode Fuzzy Hash: 118923463b8c9b302c3c72ccd6a50ba1489dd2fe432f85d8bb82882a8592f441
                                                                        • Instruction Fuzzy Hash: E621F271604204DFDB24DF28D9C4B26BFA5EB88324F30C57DD84A4B256C33AD887CA61
                                                                        Function 083A1C84 Relevance: .1, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f1aa22fe02cb532d7d132727777036032a42378f520358fd3ef2ec8294219f6a
                                                                        • Instruction ID: 1029e64edb9c5324441cdfb286e6eae48a52f306cde33d680f0800169286f9fe
                                                                        • Opcode Fuzzy Hash: f1aa22fe02cb532d7d132727777036032a42378f520358fd3ef2ec8294219f6a
                                                                        • Instruction Fuzzy Hash: 093112B0D00248DFDB14DFA9C584BDDBBF5EF88314F248029E405AB264D7B56885CBA1
                                                                        Function 0954DE70 Relevance: .1, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 12ddce48f3f2517ab8bb6669b8ab7cbd79a4c615d55ba5af05fd690c6667c21f
                                                                        • Instruction ID: ccc7c10392c361ed956445c684075de6d356438e41420118164c05cb78385d3a
                                                                        • Opcode Fuzzy Hash: 12ddce48f3f2517ab8bb6669b8ab7cbd79a4c615d55ba5af05fd690c6667c21f
                                                                        • Instruction Fuzzy Hash: 3B210F30B052419BC36A9A69909877EBBB3BFC5704F09846DE40ACB3C8DB34AC46C791
                                                                        Function 083A0688 Relevance: .1, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 274b99cf15c75bd1b5606a04f1fb019c67f0caecb7f1c2056697cb04f5180391
                                                                        • Instruction ID: 10f1cd88b65a69d1f2e47d8d35e55a31cfc5118c98eb2ff9a9ba31f2e0774270
                                                                        • Opcode Fuzzy Hash: 274b99cf15c75bd1b5606a04f1fb019c67f0caecb7f1c2056697cb04f5180391
                                                                        • Instruction Fuzzy Hash: DF21CD346002439BCF853B79E51C16D3AA9EFC930A751947CA497EBAA3DE3E4C018B80
                                                                        Function 0954A238 Relevance: .1, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 529d6c728e6a37595d7a86b67ba59e163fb948f998ddd3f9ab4a57d36eb5d424
                                                                        • Instruction ID: c799c80d059dd26158ae41e51eaea030c14d22ca66e44a1cf5fc4d1f27764fbc
                                                                        • Opcode Fuzzy Hash: 529d6c728e6a37595d7a86b67ba59e163fb948f998ddd3f9ab4a57d36eb5d424
                                                                        • Instruction Fuzzy Hash: E6012673B4C3541FD7969BBEA81139F7BD8EBC1264F0540BBE009C7281F916C90683A1
                                                                        Function 0954AE08 Relevance: .1, Instructions: 68COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c3a39c04776a5bbf00644c35b9c09492ea4c9be63ef0c334e6e4d8f18268e940
                                                                        • Instruction ID: 4219244d3b671abf4201d3c264bfbd4f538e352946e0bc4304040a70dda1e205
                                                                        • Opcode Fuzzy Hash: c3a39c04776a5bbf00644c35b9c09492ea4c9be63ef0c334e6e4d8f18268e940
                                                                        • Instruction Fuzzy Hash: C8110431784206ABD7658A75AC40FEFBBAAEFC4754F10443AF209C7280DA72A8528794
                                                                        Function 083A1C90 Relevance: .1, Instructions: 66COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cd42a1d7009dcd72ecce7f4d8fc232604ace2ea70bf13019ff457ef4702fcfb7
                                                                        • Instruction ID: f5dacf84285e85b2552b900b1ed03bf75a407a44f5ee152ac607d5d496589b22
                                                                        • Opcode Fuzzy Hash: cd42a1d7009dcd72ecce7f4d8fc232604ace2ea70bf13019ff457ef4702fcfb7
                                                                        • Instruction Fuzzy Hash: E131C0B0D00648DFDB14DFAAC984BDDBBF5EF88314F148029E409AB264D7B56885CF65
                                                                        Function 027CEBA7 Relevance: .1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c16f2277f343aab581b667105a6ada25c53053ac8eda5f81304ddbe42e949ca6
                                                                        • Instruction ID: 60ff0311bd26779f0934a9b840ddaa20a26bc60a6d3bfe05d2a42757315a21aa
                                                                        • Opcode Fuzzy Hash: c16f2277f343aab581b667105a6ada25c53053ac8eda5f81304ddbe42e949ca6
                                                                        • Instruction Fuzzy Hash: 23218076405240EFCF16CF50DAC4B56BF72FB88314F24869DED094A22AC336D466DB51
                                                                        Function 0954DE80 Relevance: .1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 49d84ddbf539b4807d734df91577507cc37d8c2d57838a7a5f450d04be6ce931
                                                                        • Instruction ID: 48296dbf3257625974140606e83b7965e07470f0fc59e1c39a697b0d79ec84bb
                                                                        • Opcode Fuzzy Hash: 49d84ddbf539b4807d734df91577507cc37d8c2d57838a7a5f450d04be6ce931
                                                                        • Instruction Fuzzy Hash: AC11AF30B451019BC76A9A69949877E76F3BBC4704F08882CE40ACB788DF34AC52D741
                                                                        Function 076F31A2 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cebea322179f9c17f3aadfd04fd0f74e03920c4af964616e4a97befd2f482e3d
                                                                        • Instruction ID: 91450ca7bbd3478d8b10bf24d8dfe21aad7b535d8004cd10ba8b0eb56f63887a
                                                                        • Opcode Fuzzy Hash: cebea322179f9c17f3aadfd04fd0f74e03920c4af964616e4a97befd2f482e3d
                                                                        • Instruction Fuzzy Hash: D6016D6F458EC55AC30366F5BB391C4FF24B90767030882ABC09585B039729A35D8FF9
                                                                        Function 083A0698 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4cb94c0e5bcf4a5df474a17772c84efd0c6b2696d32ab597a833453b836ea058
                                                                        • Instruction ID: b11127b3bb07d5935f194d023704e292390ee329f55da5071c73dc2cf12bbb20
                                                                        • Opcode Fuzzy Hash: 4cb94c0e5bcf4a5df474a17772c84efd0c6b2696d32ab597a833453b836ea058
                                                                        • Instruction Fuzzy Hash: 68117D356002439BCF887B7AE51D16D36A9FFC930A751943CA457E7A93DE3E4C118B80
                                                                        Function 027CD007 Relevance: .1, Instructions: 61COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c344c1b1254ecd8520798ba058f54ff34413e61d98f5f26086adc9b90b748fdc
                                                                        • Instruction ID: 95bb7c11f6fa96f562ae09411e0dd7ef0ae7b1481cdda9ebc37fa9976e64a738
                                                                        • Opcode Fuzzy Hash: c344c1b1254ecd8520798ba058f54ff34413e61d98f5f26086adc9b90b748fdc
                                                                        • Instruction Fuzzy Hash: 1A2180755093808FCB12CF24D594715BF71EB46314F28C5EED8498F667C33A984ACB62
                                                                        Function 027CEAAB Relevance: .1, Instructions: 61COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b936b20b4237a51049862206f7b1d1a836ffc73877fa97d9f684315cbaedab49
                                                                        • Instruction ID: a24197820e85671b92a8a6353e3067ff7794542a637af3c3c9474a5191306079
                                                                        • Opcode Fuzzy Hash: b936b20b4237a51049862206f7b1d1a836ffc73877fa97d9f684315cbaedab49
                                                                        • Instruction Fuzzy Hash: E3217976404240DFCF068F64D9C4B66BFB2FB88314F24C6ADE9090A656C336D426DBA1
                                                                        Function 083A0820 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 57dddc66177ac1e4e024d42e99ccb25463350fa231240bd511eebb33fe014035
                                                                        • Instruction ID: 39e2dfa35ca7006cfcdddc0c58d3c02395c36d184fa228ae5b7ae6290813c0a1
                                                                        • Opcode Fuzzy Hash: 57dddc66177ac1e4e024d42e99ccb25463350fa231240bd511eebb33fe014035
                                                                        • Instruction Fuzzy Hash: 60118231B10112ABCB29EB79D66053E37EAEBD4AA47084529C849E7344FE39CC03D7C6
                                                                        Function 027CD697 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733835508.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27cd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 38b7dd6567d3f5b0b38bf057aaa9547c2a3c85e14e5aba4f725f48c7cb0f69e6
                                                                        • Instruction ID: 7b4f2bef29ea9d6412c945ae5d0ab21495aef63e046fa00de274f73838cbe1c4
                                                                        • Opcode Fuzzy Hash: 38b7dd6567d3f5b0b38bf057aaa9547c2a3c85e14e5aba4f725f48c7cb0f69e6
                                                                        • Instruction Fuzzy Hash: C321AC76404240DFCF16CF10DAC4B16BFB2FB88314F2486ADED080A256C33AD826CB92
                                                                        Function 027BD15F Relevance: .1, Instructions: 58COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6e8d65f6564f4097cfa20e9f1b7b2b0c57c6ccab6ded9dd0ba43e7137a9f4f6
                                                                        • Instruction ID: d70b1ead3433f23ddd048a79f1ac67b251ec218ff8ce9f1ce4cf3407be1770b6
                                                                        • Opcode Fuzzy Hash: a6e8d65f6564f4097cfa20e9f1b7b2b0c57c6ccab6ded9dd0ba43e7137a9f4f6
                                                                        • Instruction Fuzzy Hash: C6218C76904280DFCB16CF50D9C4B96BF62FB88314F24C6A9DD480A256C33AD426CB91
                                                                        Function 0954DDD0 Relevance: .1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 10ae9496d93d280b9ccc67291b6e1ae6417281d6d6f8bc69b23e3082077d9812
                                                                        • Instruction ID: 1b20855dec9c4e438f9cc2d01d4cde706fb236f7d1bdf93b0992e9f64ef54636
                                                                        • Opcode Fuzzy Hash: 10ae9496d93d280b9ccc67291b6e1ae6417281d6d6f8bc69b23e3082077d9812
                                                                        • Instruction Fuzzy Hash: 4411C234B052008FC3114B39E4949AAB7FAFBC9715B05846AE45AC73D1CB70EC12CB80
                                                                        Function 076F3188 Relevance: .1, Instructions: 56COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 74637f3d363864278a006cd7a154231057afb114c8f8aca790a33b7e32c3013c
                                                                        • Instruction ID: be23aee5e170debdac5289a8ead3b44a5fe3bbf3965a64470ba2191b66abbcd4
                                                                        • Opcode Fuzzy Hash: 74637f3d363864278a006cd7a154231057afb114c8f8aca790a33b7e32c3013c
                                                                        • Instruction Fuzzy Hash: 28014B7B058E859BC3021AB0B73A0D0FB34BA07620318429BD05589A13D32963998FA6
                                                                        Function 0954A7D0 Relevance: .1, Instructions: 56COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f614b99f529d30dc01d362c9bd0b598800af0ac8d1c631c077bb2969afa29aef
                                                                        • Instruction ID: 43606097d45c94c0a6cb93dc697127380f0611cb08bf010f9640ec50c4fd6e1e
                                                                        • Opcode Fuzzy Hash: f614b99f529d30dc01d362c9bd0b598800af0ac8d1c631c077bb2969afa29aef
                                                                        • Instruction Fuzzy Hash: 2021D3B5D00249DFCB50DFAAC484ADEFBF4FB49324F10842AE869A7250D375A544CFA5
                                                                        Function 027BD7BF Relevance: .1, Instructions: 56COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: db79b5eb69be54bde6d22b58705b80061de706f1e28455fb2d9027648eeca995
                                                                        • Instruction ID: a91871995bc97fe385343f89c53fc11bb1a0d7aa9ff7397af83f8d849c428a42
                                                                        • Opcode Fuzzy Hash: db79b5eb69be54bde6d22b58705b80061de706f1e28455fb2d9027648eeca995
                                                                        • Instruction Fuzzy Hash: 6D11AF76904280CFCF16CF10D9C4B56BF72FB84724F24C6A9D8494B656C33AD45ACBA1
                                                                        Function 076F8E01 Relevance: .1, Instructions: 54COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0bca84db881e9f92a362e60b311237ccc1f07e61c5386e1d12b7ba9dff7a18af
                                                                        • Instruction ID: 2c91a3799eab983ff54b1d0782eeb3d49728dd3f2bea53e6cb4830f3941b5b2d
                                                                        • Opcode Fuzzy Hash: 0bca84db881e9f92a362e60b311237ccc1f07e61c5386e1d12b7ba9dff7a18af
                                                                        • Instruction Fuzzy Hash: B001F7757082068FD3558E5D9D04B97BBB6EB8A750F1140ABE60ACB351CA3C8D028B51
                                                                        Function 0954B3A1 Relevance: .1, Instructions: 53COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 02fedac43afb58b9b89c5d0ec29a0c9f3f9dc3ed22cd6a760dc125731080c285
                                                                        • Instruction ID: ab1ad7808a4073a329fbbdb0c33550bffb58ffe13953996bc939ad6f08db0040
                                                                        • Opcode Fuzzy Hash: 02fedac43afb58b9b89c5d0ec29a0c9f3f9dc3ed22cd6a760dc125731080c285
                                                                        • Instruction Fuzzy Hash: 6D11263034D1619FD3564A3EA4093BCBBA2FB81318F450C77D50ACB686C6699C468B52
                                                                        Function 09543418 Relevance: .1, Instructions: 52COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0ea8e4e071b7674fe90ecfe188f006562e8607466b6ffb69837588163abbec3a
                                                                        • Instruction ID: 7cdd7bf17ae99f207e606fcf125249e1f130f6b4587066d4804047bda5b24e28
                                                                        • Opcode Fuzzy Hash: 0ea8e4e071b7674fe90ecfe188f006562e8607466b6ffb69837588163abbec3a
                                                                        • Instruction Fuzzy Hash: 11110630A042488FDF529FA9D51C3EC7B71FB48314F418536D026E3290E778494ACB93
                                                                        Function 076F8F20 Relevance: .1, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: df8e8af72fcd6bf14cfcb19b33b0677267d875a6fbfa65e5d5ca19394a660fd0
                                                                        • Instruction ID: 8633d682ac0cae75fe34f12e3509c86d52d6e19112571199dfba343ff5314017
                                                                        • Opcode Fuzzy Hash: df8e8af72fcd6bf14cfcb19b33b0677267d875a6fbfa65e5d5ca19394a660fd0
                                                                        • Instruction Fuzzy Hash: 1A012670322116DFD7211A759C053A676A7EFA57E0F6844F6E603C7348CA348C418792
                                                                        Function 0954B2B1 Relevance: .1, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d5b909c937747acf01b02397601660c25c423ddd8f0ff4ae878ce327c878317f
                                                                        • Instruction ID: 2b3d2c661daaa0fd3af2c90e6b92e2d18849f30d682f58f9d2dab612bf4b7a65
                                                                        • Opcode Fuzzy Hash: d5b909c937747acf01b02397601660c25c423ddd8f0ff4ae878ce327c878317f
                                                                        • Instruction Fuzzy Hash: F411C434A4C214CFCB929B66F4047AE3BA5F78531AF014C77E00BC7280C7BAC9858B86
                                                                        Function 0954A7D8 Relevance: .1, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3d7194e85a92621202358bdea0aa1e325b82a9de91eeae485fb2308524537544
                                                                        • Instruction ID: ea655d76467ae56a72aadc1bc7956f454ab4db2e2978752685e3ffedad669b7d
                                                                        • Opcode Fuzzy Hash: 3d7194e85a92621202358bdea0aa1e325b82a9de91eeae485fb2308524537544
                                                                        • Instruction Fuzzy Hash: D011F0B5D00248DFCB20DF9AC484ADEFBF4FB48324F10842AE868A7210C374A944CFA5
                                                                        Function 09548801 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7712dbd97de7467491558a96c18f998f56cca50fe150253fb24f3c47b46dc68e
                                                                        • Instruction ID: 22befe71fc9d8b3960d4f92f1c5aaa5c8c5a046be055e45f59e0832302473ef5
                                                                        • Opcode Fuzzy Hash: 7712dbd97de7467491558a96c18f998f56cca50fe150253fb24f3c47b46dc68e
                                                                        • Instruction Fuzzy Hash: 0101F2713082006F870AAA6E989096FBBEAFFC5610340447EE11EC7340DFB4AC098795
                                                                        Function 0954CC20 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e17d21d8309edc4b2aad308edd55ff278d16511a57cfa988ad5c34aae9137152
                                                                        • Instruction ID: d6537f546eb6d3107c4439a90e2331eddd01f61331f3e6368e705ee134106775
                                                                        • Opcode Fuzzy Hash: e17d21d8309edc4b2aad308edd55ff278d16511a57cfa988ad5c34aae9137152
                                                                        • Instruction Fuzzy Hash: EF01F932D0164B9BCB01DBA5D8000DDFB76DFCA310F154766E061B7190DB74268AC791
                                                                        Function 09547E40 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 94cc3f3dbc675abf564182181fe50fb6f47de370084b3afeb1833355a6ebec86
                                                                        • Instruction ID: 489d13595a49e30c21ae64d2209fc2bf2b2dfbb401590743cdd068a6966f5869
                                                                        • Opcode Fuzzy Hash: 94cc3f3dbc675abf564182181fe50fb6f47de370084b3afeb1833355a6ebec86
                                                                        • Instruction Fuzzy Hash: 4801C0353041008FD344DB28D448E6EB7EBEFC9224B15857AD50AC77A4CF31EC468BA0
                                                                        Function 076F8F30 Relevance: .0, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 86000ec4d0eb8641c908b840f09ae42efe0c3d4ed22a6ed5f7054e96229cebd0
                                                                        • Instruction ID: b82d7bc5e3774d8f42d5db9b4f1b94015e4173f38992bd262a8c1fdbb67a4061
                                                                        • Opcode Fuzzy Hash: 86000ec4d0eb8641c908b840f09ae42efe0c3d4ed22a6ed5f7054e96229cebd0
                                                                        • Instruction Fuzzy Hash: 1701A2703261479FD72516795C1932A7697EBAA2E0F6C84E6E207C7388DA3488428752
                                                                        Function 0954DD48 Relevance: .0, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6eac4ddf8179813958f6d1a01386d8c2d8f308aa45b5fbcff7fcd25a89407816
                                                                        • Instruction ID: 7c806130b49bd77c29bb0f3b799b010562a51a4bf8a4697ec9fe35afb9d027ae
                                                                        • Opcode Fuzzy Hash: 6eac4ddf8179813958f6d1a01386d8c2d8f308aa45b5fbcff7fcd25a89407816
                                                                        • Instruction Fuzzy Hash: CD01D434B012004BC7615F3A949867E7BEAEFDA615718802EF849C7381CE38DC068B91
                                                                        Function 09543428 Relevance: .0, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 397fcca802a0b89843a5587b5db20c7c0853a77a5b6bfe4c37076ef677951372
                                                                        • Instruction ID: 6a9492ffe41d018c0f8d246a222fc9ebb6349bcf39dac3115ef6211e2c85d00a
                                                                        • Opcode Fuzzy Hash: 397fcca802a0b89843a5587b5db20c7c0853a77a5b6bfe4c37076ef677951372
                                                                        • Instruction Fuzzy Hash: DC01C430A00248DBDF529F9AD50C3DD77B1F748724F418536D126E3290E77848468AD3
                                                                        Function 07730040 Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 703dfcd9f8bb2df07d7447fe9432b4ab724ca259ae0f109da88714f4c1b2ad15
                                                                        • Instruction ID: 71d89d5163cfdbc248778ad5ff5c058e86a7308a7475df97a571487d656ffef2
                                                                        • Opcode Fuzzy Hash: 703dfcd9f8bb2df07d7447fe9432b4ab724ca259ae0f109da88714f4c1b2ad15
                                                                        • Instruction Fuzzy Hash: 6F1170B0E04208AFD715EB69E458BAE7FF6EB89350F108069E045E7384DF754980CFA1
                                                                        Function 09546280 Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 71656390d687aa67ba94a23592f9459945054090066c0ef637b9c7ebabcc24bc
                                                                        • Instruction ID: 708d1866b4ad28454a709308b305e41f489f71df4f34488c2d05cc7aef31be2c
                                                                        • Opcode Fuzzy Hash: 71656390d687aa67ba94a23592f9459945054090066c0ef637b9c7ebabcc24bc
                                                                        • Instruction Fuzzy Hash: 8D114230A0624ACBDB18DFA5C2057EEBBF2AF89314F600429D001B7280CB7A1E44CBA1
                                                                        Function 076F6701 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2f4a7878110e8fdd503883a1d9b39939ab896d8bbe932e1dcfca0da357b9bbc3
                                                                        • Instruction ID: 38e68e3c3d81740a4b4c83cc3e7ad1272fc16142fb5f766b04713d073c4cde0e
                                                                        • Opcode Fuzzy Hash: 2f4a7878110e8fdd503883a1d9b39939ab896d8bbe932e1dcfca0da357b9bbc3
                                                                        • Instruction Fuzzy Hash: 8AF04F3150A3889FC703DBA49E5049ABFB5AF4711035541DBD644CF263DA359B058BD2
                                                                        Function 0954834F Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e46b72c533bebdcec48a9cff7c584119fb08802960b59a76424d55126298c37a
                                                                        • Instruction ID: b123841146bff13472810d3fabe937c91fe2ab059c31dfb811b09f4f40fabc81
                                                                        • Opcode Fuzzy Hash: e46b72c533bebdcec48a9cff7c584119fb08802960b59a76424d55126298c37a
                                                                        • Instruction Fuzzy Hash: C001F9315047859FC3069B39C8509CA7FB9EF83350B0489AFD8859B223EB349886D7A5
                                                                        Function 0954B2C0 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c0143295aba0d7ebc79a41ff1741bddf0229e97829685dc838151e5c505e2067
                                                                        • Instruction ID: e1c8066d91e9f16e2a8daeb33ee4b842a1d0230ccae0cb471f2357ad77e7ac64
                                                                        • Opcode Fuzzy Hash: c0143295aba0d7ebc79a41ff1741bddf0229e97829685dc838151e5c505e2067
                                                                        • Instruction Fuzzy Hash: 65018F35B58114CBCB926A6BF40476E3695F78436AF014C36E00BC7280CBBAC9858A8A
                                                                        Function 09549D47 Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: abb344993904d026ab7efe1418b42842521d0f6da1b621ebfec3cd9996dcd781
                                                                        • Instruction ID: 582ae400657822d69a73ce093c02d6e7ac4c161ad585fee1e952949f725389b9
                                                                        • Opcode Fuzzy Hash: abb344993904d026ab7efe1418b42842521d0f6da1b621ebfec3cd9996dcd781
                                                                        • Instruction Fuzzy Hash: 8C01FB357605109FC74ADB39D85CAAE7BEAAFCA61570985A9F10AC7371DB204C028B50
                                                                        Function 09544590 Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dc3bcff3998d634df6a7b5616cb8b3ed85a50d3f5bde3d711053eaf8fa536e49
                                                                        • Instruction ID: 4467bc57c86fe0ba528e5548a56f997f4d01269c2456d1642cc80b84d4538e81
                                                                        • Opcode Fuzzy Hash: dc3bcff3998d634df6a7b5616cb8b3ed85a50d3f5bde3d711053eaf8fa536e49
                                                                        • Instruction Fuzzy Hash: 5E01F732E0064B9BCB00DBB4C9401EDBBB6EFD5310F2506A6E400B7590EB702B89CBB1
                                                                        Function 027BD01D Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a23147c6debe059eaecc4f4bc137a34c4eb39264341c5cc755f847e789a25744
                                                                        • Instruction ID: 2d4ebbaa399c1c40a06527d6a86dd80cd81cbccd5f8584538adbd295dc617a5a
                                                                        • Opcode Fuzzy Hash: a23147c6debe059eaecc4f4bc137a34c4eb39264341c5cc755f847e789a25744
                                                                        • Instruction Fuzzy Hash: 4401D6715093409AE7328E2ACD84BA7BFD8EF45324F18C56AED485B286C779D841CAB1
                                                                        Function 0954C78B Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1b44dc336b81cf16e9b329c963516a4fd9fd366d6e7a076ded4c536961f219a1
                                                                        • Instruction ID: df91cc2a754b62371adb055be4d48528c5f8b1233f319a5db8d9480336d2bfbc
                                                                        • Opcode Fuzzy Hash: 1b44dc336b81cf16e9b329c963516a4fd9fd366d6e7a076ded4c536961f219a1
                                                                        • Instruction Fuzzy Hash: 86F0C871D10109ABEB54DB75C4569FFBFA9AB84704F118839D502FB340EF7059078AD2
                                                                        Function 027BD007 Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f3d1390def02d3986c9db86543a12eccb95916c81874c208c3658e34405de91a
                                                                        • Instruction ID: 6efe16107bb142b816ef4b7a04327ef68f6160d22db7c6d5a155f677ab88aa2e
                                                                        • Opcode Fuzzy Hash: f3d1390def02d3986c9db86543a12eccb95916c81874c208c3658e34405de91a
                                                                        • Instruction Fuzzy Hash: 8B015E7140E3C09ED7138B258894BA2BFB4EF43224F1DC0CBD8888F1A7C2699849C772
                                                                        Function 0954EB70 Relevance: .0, Instructions: 43COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ee08603d3228735c5ff5a305e236acbac2f24ac234c6f87dd938305d66b84a66
                                                                        • Instruction ID: c1a7b2068ca40b5fbc69512fff8300847b378a8241b1409f3f1af61af97de034
                                                                        • Opcode Fuzzy Hash: ee08603d3228735c5ff5a305e236acbac2f24ac234c6f87dd938305d66b84a66
                                                                        • Instruction Fuzzy Hash: 7DF028323043016FC3215A1AE880EDABBAAFFC5314B04407AE109CB349DB69EC058BD0
                                                                        Function 09548810 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 912c2026521bfc50c2da343165ed91011dad997f079af8da3855775d16d07740
                                                                        • Instruction ID: dd8b29aa2d51819f14e8249eaa8921ae6adf1567ca145fb5a41022266d15790b
                                                                        • Opcode Fuzzy Hash: 912c2026521bfc50c2da343165ed91011dad997f079af8da3855775d16d07740
                                                                        • Instruction Fuzzy Hash: 13F0F0757042041B8B49AAAE989496FB7EBFFC8220750443EE21ED7384DFB0AC0A4795
                                                                        Function 0954DD58 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d0f7f1969116e6ece4c2bf80deaf103fec3b4439b29ac26112b7f4aa9afdaa14
                                                                        • Instruction ID: 322029d21cca35559fe8b186e70c8af1a8276cdd30ff5b1a37eeed38766365a2
                                                                        • Opcode Fuzzy Hash: d0f7f1969116e6ece4c2bf80deaf103fec3b4439b29ac26112b7f4aa9afdaa14
                                                                        • Instruction Fuzzy Hash: EAF0A435B002104B87655B3694986BE7BEAEFC9616758C02EF845C7384CF75D8069B91
                                                                        Function 0954CC30 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b82bbf2ebcf1636ffe632b2a802c5ad6becb966673ff976e8b9136c8a86408ff
                                                                        • Instruction ID: 02b6263df2d383fca5ef0dae45f92d23758527d6eca255ed95c9ddeaa068aca9
                                                                        • Opcode Fuzzy Hash: b82bbf2ebcf1636ffe632b2a802c5ad6becb966673ff976e8b9136c8a86408ff
                                                                        • Instruction Fuzzy Hash: 2F01A232E0060EA7CB00DBA9D8000DEF7BBEFD9310F254626E51177254EB70258AC791
                                                                        Function 0954AC81 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9c80c722e86613de5ee1e96d14d2d37970ec6d8425f57790f6e83312ccc4d691
                                                                        • Instruction ID: 7404a23dd91fb5f525642f491950754654f673a02558a0e442b435bef6e58e08
                                                                        • Opcode Fuzzy Hash: 9c80c722e86613de5ee1e96d14d2d37970ec6d8425f57790f6e83312ccc4d691
                                                                        • Instruction Fuzzy Hash: 64F04C313881049FC382A769E458A57BFDEEB89328F0144B6E106CB241CA255C05C762
                                                                        Function 0954CCB1 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1e8d6b0948457ca2b636b55fb2fa4d7a7af6d1b0c3e852efe378d93b61ef9d5f
                                                                        • Instruction ID: e9198ba3a0cd16ae0d8902e1d3e1a201aab903a762904ad3b55ab1dc34380af1
                                                                        • Opcode Fuzzy Hash: 1e8d6b0948457ca2b636b55fb2fa4d7a7af6d1b0c3e852efe378d93b61ef9d5f
                                                                        • Instruction Fuzzy Hash: 8FF02232940509DBDB189BA0C8169EFBFB5ABC4304F01893AC092EB340DE70590686C2
                                                                        Function 07733760 Relevance: .0, Instructions: 41COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a83845bd78167600b80e338232ff4f2e05dbe2e9ac8e9abfee9c572f834b3e17
                                                                        • Instruction ID: 16655609f0e94b6bce49355e25db56e09b647afa8859c31f57903317235e7bde
                                                                        • Opcode Fuzzy Hash: a83845bd78167600b80e338232ff4f2e05dbe2e9ac8e9abfee9c572f834b3e17
                                                                        • Instruction Fuzzy Hash: 56F0C8B69041109FC7219F75E88559DF7E5EF47293B09C1BAE809D7101D63489028B90
                                                                        Function 076F9043 Relevance: .0, Instructions: 41COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 46547a09c6ddfc9a328bc95b2278d96a06443185318a8c48fdf431223b310499
                                                                        • Instruction ID: 319838c427f3dec15202065851319e17477c65a6ab149da96e223be754f38110
                                                                        • Opcode Fuzzy Hash: 46547a09c6ddfc9a328bc95b2278d96a06443185318a8c48fdf431223b310499
                                                                        • Instruction Fuzzy Hash: 2B01F97570C3409FC72B8765D5445793B67DB8632470480AAE643C7352CA3AAC06CB61
                                                                        Function 076F14A0 Relevance: .0, Instructions: 40COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bdeb06a2647603b47c9c37dacb9f1a43d97a84a1f42a2aa12a432c22df688d9d
                                                                        • Instruction ID: 98eea08a15cdf482d06233eed6ed1c6d5e1ec09123c000fbe2ee8d12e759914c
                                                                        • Opcode Fuzzy Hash: bdeb06a2647603b47c9c37dacb9f1a43d97a84a1f42a2aa12a432c22df688d9d
                                                                        • Instruction Fuzzy Hash: E0F0E2217043185FC309266A1C68BE7AF9EEFC6760F14846FE049CB3A6CD258C8947E1
                                                                        Function 095445A0 Relevance: .0, Instructions: 40COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4cabd1b54f786e80b48f7b731e0c6d2bc4c5dc0f6a30ba871df0728b6b412b2c
                                                                        • Instruction ID: a4de9a1ca22fdd3fed041436b89506b12a6643d9276caf7cba917d53e47f589d
                                                                        • Opcode Fuzzy Hash: 4cabd1b54f786e80b48f7b731e0c6d2bc4c5dc0f6a30ba871df0728b6b412b2c
                                                                        • Instruction Fuzzy Hash: B601D132E0060F97CB00DBA8C9000DEB7B6EFC9310F6506A1D50077194EBB03B89CAA2
                                                                        Function 076F5FE1 Relevance: .0, Instructions: 39COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e7670b7c74dab1b924ad2c38f5b9ff6735d3f2469f46bfb37a1fb7cbbbae9d83
                                                                        • Instruction ID: 2455e4de5461227a2d3d316022738b4388d39336d49f1efb17d01633f9a016e4
                                                                        • Opcode Fuzzy Hash: e7670b7c74dab1b924ad2c38f5b9ff6735d3f2469f46bfb37a1fb7cbbbae9d83
                                                                        • Instruction Fuzzy Hash: 03F027323097D46FC30327E9A820696BF6ACEC766178401EBD349CF643C921A80487A6
                                                                        Function 09544617 Relevance: .0, Instructions: 38COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2f9d3f1adee138ac772ad3f952083e693b6deca8487764274f3cf7c9ee28de0d
                                                                        • Instruction ID: 989382223afd674d12f0ec6100e4290a4e712462afaee0a0138fe2f8f1daef46
                                                                        • Opcode Fuzzy Hash: 2f9d3f1adee138ac772ad3f952083e693b6deca8487764274f3cf7c9ee28de0d
                                                                        • Instruction Fuzzy Hash: E9F0C8329002099BDB199F61D455AEFBFBA9F44300F11842AD002BB2A0DE71590687D2
                                                                        Function 09549D58 Relevance: .0, Instructions: 37COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dd1bbe4b62b8e46502f1e7b42d55e903943459b3a2f365b2e820e2a69f769824
                                                                        • Instruction ID: 551673115decbd99a9d5ae5c9c62b15685f74cf53c098592a5f2c1799c696c55
                                                                        • Opcode Fuzzy Hash: dd1bbe4b62b8e46502f1e7b42d55e903943459b3a2f365b2e820e2a69f769824
                                                                        • Instruction Fuzzy Hash: 9EF0F9357504209FC709DB2DD85CE6D77EAAFCDA11B0980A9F50AC7371DE609C018B90
                                                                        Function 0954353F Relevance: .0, Instructions: 37COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b76dbf850a3a484ac16542ff04895eddad44a1a1d8938561eccc17608c91c9fc
                                                                        • Instruction ID: b4c6d80ef0983b8635ebce176d0176f4faf0b66959ea275a98a09678d7a79db3
                                                                        • Opcode Fuzzy Hash: b76dbf850a3a484ac16542ff04895eddad44a1a1d8938561eccc17608c91c9fc
                                                                        • Instruction Fuzzy Hash: 0BF0C271E10209DBCB58EB74C5696EFBBF6AF84300F00892AD402B7250DF7015178A82
                                                                        Function 027BD25B Relevance: .0, Instructions: 37COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 77f57e95f4a0fa3ed7d924097543c4c35f9dfac43fcdb64fc39e5f0f96f4a714
                                                                        • Instruction ID: 7360c3b42d233c594aa2dd044600530c14c9ab7f39403509b04aed69d1ec5d08
                                                                        • Opcode Fuzzy Hash: 77f57e95f4a0fa3ed7d924097543c4c35f9dfac43fcdb64fc39e5f0f96f4a714
                                                                        • Instruction Fuzzy Hash: 00F04976600600AF97218F0AC884C67FBEDEFC4730319C16AE84A4B615C331EC42CEA0
                                                                        Function 083A2730 Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 948b2cceb34d3dc195ee7067d45c55a14000508b1a438101f420704f78d9e749
                                                                        • Instruction ID: f1f3aae35b7f9deb0dd86faa272ad3481b3d951ecae13612fcdf9cbb0615f22c
                                                                        • Opcode Fuzzy Hash: 948b2cceb34d3dc195ee7067d45c55a14000508b1a438101f420704f78d9e749
                                                                        • Instruction Fuzzy Hash: 63F0A0367442005B4615A66AF49887BFBEBEBC5275314857EE90EC3348DD22EC4787A1
                                                                        Function 083A2788 Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ccf1a852356890b9be8f435b706c0d4a6d20ed81ec2f6c8c1bda6e9d5ac4057
                                                                        • Instruction ID: a790808832314bbddda3047d1f0f5af3b6aec404e7b51f4b00bf40e108bcd036
                                                                        • Opcode Fuzzy Hash: 6ccf1a852356890b9be8f435b706c0d4a6d20ed81ec2f6c8c1bda6e9d5ac4057
                                                                        • Instruction Fuzzy Hash: B6F02BB77046900F4B1617AEBC5846EBB9DFAC913230840BFF60EC3781DE154D1287A2
                                                                        Function 09548C98 Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8d4daf5271320d41cfeed4a7779592d0ebaf04f76803265abdc531aeebcd9608
                                                                        • Instruction ID: 26a524ae16593846c4e117491a6dff24784cf86cea53f3cdf874325a895fe87f
                                                                        • Opcode Fuzzy Hash: 8d4daf5271320d41cfeed4a7779592d0ebaf04f76803265abdc531aeebcd9608
                                                                        • Instruction Fuzzy Hash: C301D1303406598FC706DB28D4C5AEEBBA1FB59704F004799E4064B325DBB1A84ACBC1
                                                                        Function 0954AC90 Relevance: .0, Instructions: 35COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6a8fd56f7004f2a074aab51cb5b1c425bfb7b36a7f69f5d8c1f5032da576c854
                                                                        • Instruction ID: 55617c9fa643de517daca6fd2c7d815e1faa8b1f28f6b3d431c4f26b438ba542
                                                                        • Opcode Fuzzy Hash: 6a8fd56f7004f2a074aab51cb5b1c425bfb7b36a7f69f5d8c1f5032da576c854
                                                                        • Instruction Fuzzy Hash: 62F0E271384008AFC6C1A75AE858B27B7CEEB8C368F400435E20ACB205CA259C41C7A2
                                                                        Function 07733770 Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a676ebc9ee605569bf6a9b0e188fed11fd0b39bbcf5a747306d773fac5cc4af1
                                                                        • Instruction ID: 279447cf9dba1aa952b1fb2f5a0e143602b8bfb3a4d56023345e5934b5a6e860
                                                                        • Opcode Fuzzy Hash: a676ebc9ee605569bf6a9b0e188fed11fd0b39bbcf5a747306d773fac5cc4af1
                                                                        • Instruction Fuzzy Hash: C8F0E9F2E041249BDB209F7AD84595EF7A9EB86693F05C179E40ED7101D6348A018A94
                                                                        Function 076F9050 Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 296b781b9394fc3f81921ad1bb3fcd3466fdad375281f7607f7e9c7802209cdc
                                                                        • Instruction ID: b5e8598b3eb8d41064c6bc3e698a30fb476562fba2969d1c45d4afb8cb335303
                                                                        • Opcode Fuzzy Hash: 296b781b9394fc3f81921ad1bb3fcd3466fdad375281f7607f7e9c7802209cdc
                                                                        • Instruction Fuzzy Hash: A5F0E97570830097C7265A6AA40857E7B9BDB86724B04803AF90687351C97AAD05CB62
                                                                        Function 027BD24C Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2733769634.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_27bd000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c326d1bd91abff9e05eb741f7509b29a67848382ab93e42549d9aa15c69f410a
                                                                        • Instruction ID: 79485df5ecbbf6738220ee2b73e497b56a6af0e2f7943b576977eb9a5cd90bfd
                                                                        • Opcode Fuzzy Hash: c326d1bd91abff9e05eb741f7509b29a67848382ab93e42549d9aa15c69f410a
                                                                        • Instruction Fuzzy Hash: 3CF03C70104680AFC725CF06C985C63BBF9EF85620719C59DE8495B252C731EC41CB60
                                                                        Function 083A3BF4 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 99018559d567b96b89dd2c652cfb9082d689bcc9d9bfbf8d8e4591d5743059d2
                                                                        • Instruction ID: 8c912c7299a63a3486f9a8eacf453328068bd34b279c02f89fc952d994147d53
                                                                        • Opcode Fuzzy Hash: 99018559d567b96b89dd2c652cfb9082d689bcc9d9bfbf8d8e4591d5743059d2
                                                                        • Instruction Fuzzy Hash: 2FF0B4A190E3C89FC713CBB48C104A97F71DE9724134601DBC080CF273E5298A09D752
                                                                        Function 083A8788 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: de2152db7c29a89b73a9c25cf459b7edebfda5edc5bdd0f83849cab282aa5f52
                                                                        • Instruction ID: 37ed2e4dfa2a47705a4445e40d159e4fc6542f2fb04e8031fda116c700421d4b
                                                                        • Opcode Fuzzy Hash: de2152db7c29a89b73a9c25cf459b7edebfda5edc5bdd0f83849cab282aa5f52
                                                                        • Instruction Fuzzy Hash: 4EF0E234608654AFD711DBACD494EAEBFF4DF4A230F0082AED449C7255CA34AC41CBC1
                                                                        Function 0954BDB2 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2cdc96c2bbd7985749157f2262920ef8d85e9173677d3b20ba8fdebacd0c3820
                                                                        • Instruction ID: ee06651ad0d6b1975d626799a1b7549d08e7235e061fd322d94ad0516b86e1a5
                                                                        • Opcode Fuzzy Hash: 2cdc96c2bbd7985749157f2262920ef8d85e9173677d3b20ba8fdebacd0c3820
                                                                        • Instruction Fuzzy Hash: 47F08C75D493989FD782DBB958156C9BFB4EF06220B0600EBD489D7143E2288A09C7E2
                                                                        Function 0954C798 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 885905266c5e43257fe6f4c507e28ba1fdaa9327060c7ecb8987c07ed9dee866
                                                                        • Instruction ID: 0187a37ef6aac66764719f23c25eb380233d5b33181a0fb0d95ca32706ac0d13
                                                                        • Opcode Fuzzy Hash: 885905266c5e43257fe6f4c507e28ba1fdaa9327060c7ecb8987c07ed9dee866
                                                                        • Instruction Fuzzy Hash: B7F0E232E101099BDF04EB65C4559EFBFBAAF84300F01882AC002B7344DFB0690786D2
                                                                        Function 076F607F Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c35490c9ca38e4deb3246fbb320f7b6e241c5bb6cbbd2b15558d7a33d526fc15
                                                                        • Instruction ID: b48d1807baf5453d49fc470b520f0c94cb8c2d4651d20464dced223cb5468f4e
                                                                        • Opcode Fuzzy Hash: c35490c9ca38e4deb3246fbb320f7b6e241c5bb6cbbd2b15558d7a33d526fc15
                                                                        • Instruction Fuzzy Hash: 8CF0923200F7C49FC7135BB4BD612D57F349E4322974502DBD48A8BA63CA399556CB62
                                                                        Function 09549E00 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: de641640eaabed45b792bc29c984c95f2202f494d96556386a14bb67e6f2cd99
                                                                        • Instruction ID: c3f62528eb3fd0472f95f3e3d5a0d258f8658bbed687a07422d5fca825d1f7cd
                                                                        • Opcode Fuzzy Hash: de641640eaabed45b792bc29c984c95f2202f494d96556386a14bb67e6f2cd99
                                                                        • Instruction Fuzzy Hash: 67E092B37040A8678B197F3E60114AFBB9A8ED5265318447FD946CB701DF288C4B83EE
                                                                        Function 076F14B0 Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 376d25c5632de91aaf23efdbb8e8c731515c40697ffdf733ed37422ef640cd4b
                                                                        • Instruction ID: 9bea29df9528b5887ede3f849db1ca46c8ec8aa249c4365dd3744bd9b803f25f
                                                                        • Opcode Fuzzy Hash: 376d25c5632de91aaf23efdbb8e8c731515c40697ffdf733ed37422ef640cd4b
                                                                        • Instruction Fuzzy Hash: 10E0122170021C6BD319267E58A8B6B998FEFC5B50F14846EA10DDB395CC62DC8507E4
                                                                        Function 09543DC6 Relevance: .0, Instructions: 30COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a5a2af70d236de7ccf83a0fb8b6c2cae50bb0640e381b37786493caa32ad7013
                                                                        • Instruction ID: 7fb5b771f2e109d87d1cb901937299d024c993b335734c59ec2948a4ac20a75e
                                                                        • Opcode Fuzzy Hash: a5a2af70d236de7ccf83a0fb8b6c2cae50bb0640e381b37786493caa32ad7013
                                                                        • Instruction Fuzzy Hash: 95F01734A01248CFEB90EF69E98479977F1FB08398F108866E416E73A5D738D881CF21
                                                                        Function 0773A690 Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a729ae5d8981b92055882035381ff60c3e1603a298b4a1d823132ff7607a4f4d
                                                                        • Instruction ID: c1f921741628c36dcbe75ae955e07bf53d4b234b3251f9aaff2cbc25642dc6db
                                                                        • Opcode Fuzzy Hash: a729ae5d8981b92055882035381ff60c3e1603a298b4a1d823132ff7607a4f4d
                                                                        • Instruction Fuzzy Hash: C4F05EF1D05AA2CBEB24A690C48877A32A06B563E5F2508F5CC4A67B82D7784D81C683
                                                                        Function 076F7510 Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 927cd5fc21da363ce312af36d2459c7d87f8422f7459b1889aa1237675d0bdb7
                                                                        • Instruction ID: c9434a91fc6a944740cc0a788aa21110f0c126988c919964a7321728dbabcfd8
                                                                        • Opcode Fuzzy Hash: 927cd5fc21da363ce312af36d2459c7d87f8422f7459b1889aa1237675d0bdb7
                                                                        • Instruction Fuzzy Hash: 68F0E5743091589FC7117734B8296693FA6DB46324F9044AAE10BD3381DF9E1812CB96
                                                                        Function 076F3F5F Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 86d98578fa339bfdb1fdef300534d6be5ed858b88aafd93fd8903a9fb0e98363
                                                                        • Instruction ID: d396d8e8cb046a43badf8c1feb71331a85cbb7e99ddd873f3e8eeb024d60019a
                                                                        • Opcode Fuzzy Hash: 86d98578fa339bfdb1fdef300534d6be5ed858b88aafd93fd8903a9fb0e98363
                                                                        • Instruction Fuzzy Hash: 19E0482220C6946FC30252B9A8185EA7F9DDFC662071505EFF288C7252CA546C4447A1
                                                                        Function 083A2720 Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 63963fc18b82b3cccc9f334ce1a2a19f6f299435143feb9fe6a03b18c37396ed
                                                                        • Instruction ID: f6a38047021453956718313ee60781f0ed434d0548373a636d088e4a3fba1aa3
                                                                        • Opcode Fuzzy Hash: 63963fc18b82b3cccc9f334ce1a2a19f6f299435143feb9fe6a03b18c37396ed
                                                                        • Instruction Fuzzy Hash: EFE0DF312093C16F8313565AE894817BFAAAEC713170545BAE98DCB36AD9209C4687B2
                                                                        Function 09547DE8 Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 74d7ce1b395751778b2419ce99e39f1aa7c0c5366d2c4dc857e8da306bf26ac8
                                                                        • Instruction ID: 46f2749b90e65b33d96499a48cd6c91a67d7410d1897bc1f19fd0410fbed8a4d
                                                                        • Opcode Fuzzy Hash: 74d7ce1b395751778b2419ce99e39f1aa7c0c5366d2c4dc857e8da306bf26ac8
                                                                        • Instruction Fuzzy Hash: 24E02B207085A04FC606A77984305AD3FE7EF8525135881FEC4099B392CE555C0547DA
                                                                        Function 0954FB64 Relevance: .0, Instructions: 28COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ef8b4d97fab10980e705afd98f90eb81699c73d42d2195b71ff31eb130930a70
                                                                        • Instruction ID: d696364b14047fd3640970e2ac074bd670d131420f5dc46bd09bdd498364a890
                                                                        • Opcode Fuzzy Hash: ef8b4d97fab10980e705afd98f90eb81699c73d42d2195b71ff31eb130930a70
                                                                        • Instruction Fuzzy Hash: 33F0823550E7D19FD7579B3E48762257F60EB43249B8A44DFC4C2CF0A3C1599009C722
                                                                        Function 076F5348 Relevance: .0, Instructions: 27COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9692f9f5a94b2490ab68815021f4de188786219856e23a19d90a0c12fe8110d9
                                                                        • Instruction ID: 2e9519891d3690bb1f7d981387304b0169074f386623433b66de5380730dd06f
                                                                        • Opcode Fuzzy Hash: 9692f9f5a94b2490ab68815021f4de188786219856e23a19d90a0c12fe8110d9
                                                                        • Instruction Fuzzy Hash: 53F05EB1A00155CFEB24DFA4C945B5ABBF1BF09341F010054DA0677690DB64AE02CB42
                                                                        Function 076F8224 Relevance: .0, Instructions: 26COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2483608307d221130e8de9e07827cc22e81822c55dba43b1968b3e819092d0da
                                                                        • Instruction ID: ece4d9c5fb8d69ab8ff685b97f11d7914b3d41e1a6876b7324ee42b30dc09f7b
                                                                        • Opcode Fuzzy Hash: 2483608307d221130e8de9e07827cc22e81822c55dba43b1968b3e819092d0da
                                                                        • Instruction Fuzzy Hash: A8F0E7B494260BDFDB14DF90D95DBAEBBB2BF04311F200459D502B3290CB781A44CB80
                                                                        Function 083A8798 Relevance: .0, Instructions: 26COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 30ffd42415a28f226ba3599ad9c2253975c7a2696dda8f5b6d24d2d801f6ef3f
                                                                        • Instruction ID: 87c25881ba1b62fed47ff51870a5ef3762151b74782746ab723f1db2d8a676d3
                                                                        • Opcode Fuzzy Hash: 30ffd42415a28f226ba3599ad9c2253975c7a2696dda8f5b6d24d2d801f6ef3f
                                                                        • Instruction Fuzzy Hash: FBE06D31604614AFD700EA9CE444AAEBBF8EB88661F00816AE409C3244DA31AC418BC4
                                                                        Function 076F7520 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dcba2665737b363316fe3a5c3e21bc66abd2ac6069bc3b8850a7832abbad7d05
                                                                        • Instruction ID: e8eeeab4236d607da280616f327f503cdc1626204bff215884701fb1c3f170c3
                                                                        • Opcode Fuzzy Hash: dcba2665737b363316fe3a5c3e21bc66abd2ac6069bc3b8850a7832abbad7d05
                                                                        • Instruction Fuzzy Hash: 07E04F74355028DFC7217774B42936D3697EB89361F905826D60BC3780DF6968428A96
                                                                        Function 076F98F0 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b96c6ed15c23199a16a2bd3bb8e39c9f8bb27f6296c8beb0e6b6e5520f17ac72
                                                                        • Instruction ID: c08d91f3bb2033bf21635316f5ecca7f1a7875d5af0fc6f92ec7918730cf6d80
                                                                        • Opcode Fuzzy Hash: b96c6ed15c23199a16a2bd3bb8e39c9f8bb27f6296c8beb0e6b6e5520f17ac72
                                                                        • Instruction Fuzzy Hash: 6DE09A217083900BCB07567860152AE7BA78FC223571900EFD542CF292CEAD0C4283A9
                                                                        Function 083A9900 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4b046524e782b1d6b770fd401b7a05ca6ac1e912bdaf585019d350fe4a412a3a
                                                                        • Instruction ID: 53a173657609fb546d9e702178e18851d7e2823fd1f947ab8040455cbdac3a2e
                                                                        • Opcode Fuzzy Hash: 4b046524e782b1d6b770fd401b7a05ca6ac1e912bdaf585019d350fe4a412a3a
                                                                        • Instruction Fuzzy Hash: 1CE0DF7136420CEFCB10AA2AE4083B37B88E794312F41483ECC32FE941D23AC891C603
                                                                        Function 083A25E0 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 44e2f363cb10272857fba59258c9d24e97e287d1cf70ee1c9098be8f44361a19
                                                                        • Instruction ID: 75e4281c1e17478fbf514a191394f748cfc297b6da0f4127becfd5161fcde9cb
                                                                        • Opcode Fuzzy Hash: 44e2f363cb10272857fba59258c9d24e97e287d1cf70ee1c9098be8f44361a19
                                                                        • Instruction Fuzzy Hash: DDE08C343892944FCB46EBACD8688497FE9AF4F22430504FAF409CF362E9A5DC0587A1
                                                                        Function 09548380 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6730d59f1d966322afbc2e15adcb0e74e3ecca3d318484c389a74755d4c00194
                                                                        • Instruction ID: 9440cc6ee0506e78964cc2a0a475ceaed2d8d8cddd173245433ff14470c3e32e
                                                                        • Opcode Fuzzy Hash: 6730d59f1d966322afbc2e15adcb0e74e3ecca3d318484c389a74755d4c00194
                                                                        • Instruction Fuzzy Hash: F3E06D32600B089BC315AA79C41099AB3A9EFC6354F10CA7ED44A5B321EF31A882D799
                                                                        Function 083A4348 Relevance: .0, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e552615ae84d4e9b02a52b312dc883619a2d7584d437084d8765237df0857e7
                                                                        • Instruction ID: f2ca72a8f9eafb2a991eceab2696a371e8e8a49a0cc5b0f637fae962243e7511
                                                                        • Opcode Fuzzy Hash: 5e552615ae84d4e9b02a52b312dc883619a2d7584d437084d8765237df0857e7
                                                                        • Instruction Fuzzy Hash: D2E04F7180A38CDFCB02DBB4D50459ABFFA9F4721075104EAC145DF262EA319A04DBA3
                                                                        Function 07731D56 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d82b16b79c8df3b26df0b610b606a00321bca84eecc564a30fd7c3e28ebe5fc5
                                                                        • Instruction ID: d7a452e01d8dea8730f71bad3c39d1e7b2de7c894f6f2b255cb61cad220503ba
                                                                        • Opcode Fuzzy Hash: d82b16b79c8df3b26df0b610b606a00321bca84eecc564a30fd7c3e28ebe5fc5
                                                                        • Instruction Fuzzy Hash: E2F039B5A10208CFC704CF44D984A9CFBB2FF86340F5084A6D2049B212C73099518B51
                                                                        Function 076F7AB9 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c997efc02c3835e84c9c6a45539a19e312f9cca0d547c10b96fd8279f84b1dd3
                                                                        • Instruction ID: 55558b273de065a82c90d2c4e85788fa2beeeddcf7889bab5fe6584d30e3e023
                                                                        • Opcode Fuzzy Hash: c997efc02c3835e84c9c6a45539a19e312f9cca0d547c10b96fd8279f84b1dd3
                                                                        • Instruction Fuzzy Hash: DCD05B312092445FC345CE58DD508D1BF659F9522431492AFE545CB353DD31FF02C661
                                                                        Function 083A26E0 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 308d2e1efbebc2db1970905ba7d18fd93e200081d0d12a070494599e31d5af4b
                                                                        • Instruction ID: 88406062c644e9ae984a17a0e396d5541f34eb8db1a87c9ff4ecf6d269182ae6
                                                                        • Opcode Fuzzy Hash: 308d2e1efbebc2db1970905ba7d18fd93e200081d0d12a070494599e31d5af4b
                                                                        • Instruction Fuzzy Hash: 50E04F35241108CFCB14DE08D484A6777AAEFD4312F14C0A9E6098B732DB72E895DB51
                                                                        Function 09549A3F Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3d1aa64fd1c2972024fb0ec741f6c3ca6cac3fc95633e87edaaad78129cd729
                                                                        • Instruction ID: 567ef470591de84badecb0a11b1a0d75ec7be3117c80eaed9446c756d84223de
                                                                        • Opcode Fuzzy Hash: a3d1aa64fd1c2972024fb0ec741f6c3ca6cac3fc95633e87edaaad78129cd729
                                                                        • Instruction Fuzzy Hash: 87E06D30549349EFC702DB64A954598BFB5DE4224475041E9D448EB212D6315E459B51
                                                                        Function 07732718 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ac97f474ae44947bb4ffe2e49a28af3baa7e45e3c88846c1034b4faa133b68c
                                                                        • Instruction ID: e1de9dd6d9992f7e44bd8c32879781325a59030b5ee53bec33b08de292dfabc9
                                                                        • Opcode Fuzzy Hash: 6ac97f474ae44947bb4ffe2e49a28af3baa7e45e3c88846c1034b4faa133b68c
                                                                        • Instruction Fuzzy Hash: 4AE08C3288A24CEFCB01EFF0C80544D7BB6EF4720076588EAC544CB262EA319A019B82
                                                                        Function 0773A4CB Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 97fa83d97a2484198f1db7c6ed1d3f4036449fb88719bb5bd057bceadad0783a
                                                                        • Instruction ID: 314c7327420700126f6029c86652feb80e4394a3131ce37c8bedc7cf3527a922
                                                                        • Opcode Fuzzy Hash: 97fa83d97a2484198f1db7c6ed1d3f4036449fb88719bb5bd057bceadad0783a
                                                                        • Instruction Fuzzy Hash: C0F034B4E04724CFEB24DF24C894B59B7B1BB49290F1544E4E84AA3782CB348E80CF82
                                                                        Function 076F82D0 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5d2b7a39eb085a840e27695889a7734e9d6cb5fa2c25c7cf5b0de403ea4f0f37
                                                                        • Instruction ID: f68f342c8480ba7dd515d71bfa0df494131e6a070afe96d6ec6e15c1e43facc7
                                                                        • Opcode Fuzzy Hash: 5d2b7a39eb085a840e27695889a7734e9d6cb5fa2c25c7cf5b0de403ea4f0f37
                                                                        • Instruction Fuzzy Hash: DEE08C7690920AEFCB02DFB0DD09889BBB8DF0621570001EAE90AD7211FB35CE00C752
                                                                        Function 076F1198 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2a1d9e78e1334847b4d1ea5864d35eab7e907e99978ee05ddee3bc7e2930041b
                                                                        • Instruction ID: b73c0fa58284249134360822e6bf33f4084a5ad7d492b5da9f034631bd90f609
                                                                        • Opcode Fuzzy Hash: 2a1d9e78e1334847b4d1ea5864d35eab7e907e99978ee05ddee3bc7e2930041b
                                                                        • Instruction Fuzzy Hash: 71E0122120A1A54FC713A668A9545E97F269F8727470943D7D1869B3D7CE140A05C7D2
                                                                        Function 076F9008 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1e0197e2ad46aacac610c5e01ac0600dc3b99ffde260af161858cfe4c632f475
                                                                        • Instruction ID: 9c22aafcd32025966781a54910c3afaf6fde875f5cc0a13c8b06541112b466fd
                                                                        • Opcode Fuzzy Hash: 1e0197e2ad46aacac610c5e01ac0600dc3b99ffde260af161858cfe4c632f475
                                                                        • Instruction Fuzzy Hash: A7E0C232109B508FDB036AA8980A1A9BBB5DF8B600B0144D7F105CB391DF280806C7C1
                                                                        Function 076F9900 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0892355b52a9f9ba72e47e11f66d8f925da482f3429c85419d42e0ac9c984bd5
                                                                        • Instruction ID: e2bb4deff74f687db1dd251682c49229375fff49907fd5d3ccb9b0abb20ced0d
                                                                        • Opcode Fuzzy Hash: 0892355b52a9f9ba72e47e11f66d8f925da482f3429c85419d42e0ac9c984bd5
                                                                        • Instruction Fuzzy Hash: 22D0A73170451423850A217E74129BF768FCFC5779714006AEA058B381CEED6D0203F9
                                                                        Function 0954AD71 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c209c8c06d7cffdb48191432e9f9a6b35f4b41d2d19ddac7eb1257c3e7fd2ca3
                                                                        • Instruction ID: ae9bd1e7311cd0e32203536e0ae740582e609f3585a74174cf5e2f6ed4518b74
                                                                        • Opcode Fuzzy Hash: c209c8c06d7cffdb48191432e9f9a6b35f4b41d2d19ddac7eb1257c3e7fd2ca3
                                                                        • Instruction Fuzzy Hash: 70E07D352493206FC3014B54A410997BFA9DBCA721F0440A6E10ACB190CB205806C391
                                                                        Function 076F82E0 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 211f2cb3cccb21e0d235d6074225d26e76cc98458c23d185637aafafb571cc88
                                                                        • Instruction ID: 797b8f9b2017ec1862d3da341a48f35ed8d4f366fc86f3f49bec9940d95755ea
                                                                        • Opcode Fuzzy Hash: 211f2cb3cccb21e0d235d6074225d26e76cc98458c23d185637aafafb571cc88
                                                                        • Instruction Fuzzy Hash: 5FD01772A0520EEBCB10DFB0DD058AAB7ACDB05105B1006E99D0ED3200EA32DA119691
                                                                        Function 076F3F70 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 190be6c7955ec59ac6ab26ab4c368048d116d5cbeee5634d73daefa9235e4001
                                                                        • Instruction ID: 1c297e047c904911f6f90695aae1d9d63495b891f488eaf2a79e61f031a503b3
                                                                        • Opcode Fuzzy Hash: 190be6c7955ec59ac6ab26ab4c368048d116d5cbeee5634d73daefa9235e4001
                                                                        • Instruction Fuzzy Hash: 3FD09262704424AB9204A1DEA808AABB6DEDBC9A61B6042AAF60DC3740CA55AC4547A5
                                                                        Function 076F09C9 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7caa6aec1bab8146a3e27060cdaaa1d817e8cf3ce073c11c91e3eb77bad581db
                                                                        • Instruction ID: 7042b3393e71fe4ca38398f919b6ddc81769d78fb2a229aa368e3a985ebe3f33
                                                                        • Opcode Fuzzy Hash: 7caa6aec1bab8146a3e27060cdaaa1d817e8cf3ce073c11c91e3eb77bad581db
                                                                        • Instruction Fuzzy Hash: 29E0862190618C9FCB02DBB04A400DE7F679F4620034005D3D141DB162E9354B048791
                                                                        Function 0954EB08 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6db96f4754708a084a5918ec000895f566c4c9938096d204c9858abdc624e369
                                                                        • Instruction ID: 0e5ea9b743421d516e90c8ea238cf7d46e19cf1e7edfc42a4a5ebe2cbfe09006
                                                                        • Opcode Fuzzy Hash: 6db96f4754708a084a5918ec000895f566c4c9938096d204c9858abdc624e369
                                                                        • Instruction Fuzzy Hash: 39E04FB0A0928DAFCB01DF78EA1059DBBF9DF59204B4045FDD408D7241EA357F159B85
                                                                        Function 0954FB28 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ed997061526563247689470c5782b37871e50517c30ad4776200b9b06fc49780
                                                                        • Instruction ID: aee31d11cd7079cfa2833a6ea23c6311f602d1a0596fe85373d726a7a9f8e7b1
                                                                        • Opcode Fuzzy Hash: ed997061526563247689470c5782b37871e50517c30ad4776200b9b06fc49780
                                                                        • Instruction Fuzzy Hash: 02E0863414EBC54FD7579B3E4439116BF60AB83219F4944DEC4D2CF553C51A8449C723
                                                                        Function 095473A0 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1012ac7582d8d23ae2f2c966b84f063f272a71e35cfb0f5de3ab6e4f8b691e76
                                                                        • Instruction ID: f2ecbd283801d27bf61249099aeaeb769d100bd47f28c3cb3add1e719615202c
                                                                        • Opcode Fuzzy Hash: 1012ac7582d8d23ae2f2c966b84f063f272a71e35cfb0f5de3ab6e4f8b691e76
                                                                        • Instruction Fuzzy Hash: 6FE0D870A0928DEFC702DF79DA5056C7F75DF42200B0040D9C008D3391DB702E049F81
                                                                        Function 07739860 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d19ad2c4c05e78237ffa8885acf98e331a32b36791ccb785b83632d432c5af67
                                                                        • Instruction ID: a3875df4d52a07083690f6939a15c0a7dfdbe0a6d89eabbe25ebbb7567a42fb8
                                                                        • Opcode Fuzzy Hash: d19ad2c4c05e78237ffa8885acf98e331a32b36791ccb785b83632d432c5af67
                                                                        • Instruction Fuzzy Hash: 03F0C9B4D04725CFDB25DF24C894A99B7B1BF1A381F4049E9E84AA3741DB349E82CF91
                                                                        Function 083A3BB8 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4a280889a62fd4da4dcf1429dc55fbe4751974409a16d1bb49335cd94f4b1f3c
                                                                        • Instruction ID: ec840ecb0b38d9f1d25faea7210e5f45d146255a122e3b113d4f9f4d721d8e05
                                                                        • Opcode Fuzzy Hash: 4a280889a62fd4da4dcf1429dc55fbe4751974409a16d1bb49335cd94f4b1f3c
                                                                        • Instruction Fuzzy Hash: 3AE08CB1D0924CEFCB11DBB0C8104ADBBB6AF8620074101EAC014DB261E9358A149B42
                                                                        Function 083A1C50 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f9cdb366dd0a0a2d31ea803ee9e94ccbe272b92002f948f9b4563ac1af71f8ab
                                                                        • Instruction ID: 29b80fadc94d81e32b85946b3b2f105eb11da6c6f181ea68ece121410c125663
                                                                        • Opcode Fuzzy Hash: f9cdb366dd0a0a2d31ea803ee9e94ccbe272b92002f948f9b4563ac1af71f8ab
                                                                        • Instruction Fuzzy Hash: FFE0C270A0A348EFCB06EBB0C8144597FB8DE4221071501EFD844CB352EA325E00CBA1
                                                                        Function 076F4D32 Relevance: .0, Instructions: 18COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 99ac65a8ae96a49343d540053f2a3027bd69616058ccdb1c498ecd2d244b7c51
                                                                        • Instruction ID: f81b6b08bf86f59d2b1db4ad668d94a6bc2a670bebcac83ef88df160b714ffc4
                                                                        • Opcode Fuzzy Hash: 99ac65a8ae96a49343d540053f2a3027bd69616058ccdb1c498ecd2d244b7c51
                                                                        • Instruction Fuzzy Hash: 04E01AB5A00114CFDB14DF94C941F5DBBF1BF09301F110054EA0667691D620AD028F41
                                                                        Function 076F98C5 Relevance: .0, Instructions: 18COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c513dd17eb7fb4e1f991903af2cd1a88547437bebb971f235ea22b765fd00d20
                                                                        • Instruction ID: 23dac7787d3368c3c82fa16df303efaded4d08fa38d66ad545c613cb9858ee70
                                                                        • Opcode Fuzzy Hash: c513dd17eb7fb4e1f991903af2cd1a88547437bebb971f235ea22b765fd00d20
                                                                        • Instruction Fuzzy Hash: B8E0BD9610EBC08FD707973868653993F726F03214F8A44DFC0868B0A3C609490AC72A
                                                                        Function 0954AD49 Relevance: .0, Instructions: 18COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 371b2279844c7e30ecc7fe8ddd413eddc412f74bc87422656148f83e221e3c5b
                                                                        • Instruction ID: 3c59255b5e1f6ec4943bba613a274330610abdde0cb2aa439fe454769a892593
                                                                        • Opcode Fuzzy Hash: 371b2279844c7e30ecc7fe8ddd413eddc412f74bc87422656148f83e221e3c5b
                                                                        • Instruction Fuzzy Hash: 5FD05B702042446FC305CA74DCA18D5FFF59F95214314C0ADE409CB362E6329D02CB50
                                                                        Function 076F7ED0 Relevance: .0, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2a153ddf33bbf3aa65482eb0a876db0a1a6ef9998c203d13d3b37e352e20f47e
                                                                        • Instruction ID: 87e9fd7f12bee6c6cc2815bb1ecdb7526b8c6e4cd5272a5a30f03c28390c2025
                                                                        • Opcode Fuzzy Hash: 2a153ddf33bbf3aa65482eb0a876db0a1a6ef9998c203d13d3b37e352e20f47e
                                                                        • Instruction Fuzzy Hash: 71C08C7308E7988FC302ABD07A190F0BF38EC0203034403C3E20CC9923CA2AA7808692
                                                                        Function 076F4DFB Relevance: .0, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aa8b40d030e8f077ad1aaeedf0c38ad8b1177804fd9f559112f533a5cbfcb0e1
                                                                        • Instruction ID: a72362ffb3f42d7899e37d59044c076ba6a53e68889f1a06a022fbc9dd82e572
                                                                        • Opcode Fuzzy Hash: aa8b40d030e8f077ad1aaeedf0c38ad8b1177804fd9f559112f533a5cbfcb0e1
                                                                        • Instruction Fuzzy Hash: 92E08CB1E041A9CBEB20DFE4C881BAEBBB2BB01301F411064CA476B649CB745D06C682
                                                                        Function 0954BDD0 Relevance: .0, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8b56782ddf225e01b415baebdc34af236532e1685849c4d17bf84473b334d24f
                                                                        • Instruction ID: 58aa689a4382480d5a3eaa20115f9fc6cf7ddc216f0c11dfdfe6dd47e791f79d
                                                                        • Opcode Fuzzy Hash: 8b56782ddf225e01b415baebdc34af236532e1685849c4d17bf84473b334d24f
                                                                        • Instruction Fuzzy Hash: 63D0E2B1D002289F8B80EBAEA8052DEBBF8AB08214F0044A6D50DE3204E2308A108BD2
                                                                        Function 076F520A Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d80e231d9aa51e85677c552f24270ff858ebaa6c0d7f58d22d60f44755a79818
                                                                        • Instruction ID: f81f69d6b1b9e476394bb193c1a61a4f955a76dbacf3f1f00f0d8175a498e803
                                                                        • Opcode Fuzzy Hash: d80e231d9aa51e85677c552f24270ff858ebaa6c0d7f58d22d60f44755a79818
                                                                        • Instruction Fuzzy Hash: 5ED05EB1909052CAE720AFA8888236E7BF9AF05362F0512D5CF9766546DE289D168682
                                                                        Function 076F6020 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f2a1c91b3b74043e93a38d3f45821859562199dbcffaa196435b13010b0141ec
                                                                        • Instruction ID: 4ecd292ac2e1a9be0c80e05243ab4a1e7149e05686a080df5362b423751d9be4
                                                                        • Opcode Fuzzy Hash: f2a1c91b3b74043e93a38d3f45821859562199dbcffaa196435b13010b0141ec
                                                                        • Instruction Fuzzy Hash: 01D0123200A7C84FC70356A079502E27F685D4752974401D6D5884AA638529A6548762
                                                                        Function 076F5F80 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2eff153e600d08e029d2d862869cea43f27ddc345b87ecfb55b6e2410e79ecd6
                                                                        • Instruction ID: f81b98c4fc0da3bd9cffb9df3a4827952b8f786cdc74dc3c7edbbe189ca70b0c
                                                                        • Opcode Fuzzy Hash: 2eff153e600d08e029d2d862869cea43f27ddc345b87ecfb55b6e2410e79ecd6
                                                                        • Instruction Fuzzy Hash: D9D0C93100A3C49FC303DF39AA198D1BFA4AE0771474A01CFE2448B233DA64EA14D792
                                                                        Function 076F1DEB Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 164753b552f926b2ac32d94cf48bab1214e88d66bcc5886bf736ffd095c5f97a
                                                                        • Instruction ID: 141e9be3446031122aff671b068a49999373133bdc74602be1ed891d64ccad3b
                                                                        • Opcode Fuzzy Hash: 164753b552f926b2ac32d94cf48bab1214e88d66bcc5886bf736ffd095c5f97a
                                                                        • Instruction Fuzzy Hash: 18E046F4E0012ACFEB149B24D804BADB2A0BB06351F4100BACA57A2240D3700D01CE82
                                                                        Function 083A25F0 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e5d98a9224d00a3994b78d7203b9dc2f0ef282f226207caf0b56b5cf9536dfa9
                                                                        • Instruction ID: 62bd9726f890c5dcc7bbf9b478cb4a5d34be29659ac6e782604aa4a7856ce5b8
                                                                        • Opcode Fuzzy Hash: e5d98a9224d00a3994b78d7203b9dc2f0ef282f226207caf0b56b5cf9536dfa9
                                                                        • Instruction Fuzzy Hash: 25D0A9347800248FCB04A7ACE4188593BDAEF8E22030108AAF00ACB361DE61EC018780
                                                                        Function 0954EB18 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ac0be792826cc36c85f0ebef8a9daa6cbf93eb0bff2229e214a1535cf8fd596a
                                                                        • Instruction ID: 58c4a76bdea084b3ef15647022b809c693ed1c2e94257ee6ab37b90299b743d4
                                                                        • Opcode Fuzzy Hash: ac0be792826cc36c85f0ebef8a9daa6cbf93eb0bff2229e214a1535cf8fd596a
                                                                        • Instruction Fuzzy Hash: CFD017B0A0510DEF8B01DFA8EA0099DBBFAEB45208B5041BCD408E3240EA316E44AB85
                                                                        Function 09549A50 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 03a443516e67b96649dcb62910eff808d8c6c08f3712599eeb3dd47316a7a226
                                                                        • Instruction ID: fe915f584824d8de645c6a82cd481f747faa99e6e6b78915f9c7df7385040be1
                                                                        • Opcode Fuzzy Hash: 03a443516e67b96649dcb62910eff808d8c6c08f3712599eeb3dd47316a7a226
                                                                        • Instruction Fuzzy Hash: E7D01270A0420DEF8B40DFA8EA4455DBBB9DF45304B5041E8D408E3600DA316F409B85
                                                                        Function 0954AD80 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5431a72907b9e0d4c264ad5cfcf3baba2c2551806122f90a83e600005f02aa34
                                                                        • Instruction ID: df5801e719156e8c7fc2e22eb38a17a36a7be79842e2b93a18e28654967591f6
                                                                        • Opcode Fuzzy Hash: 5431a72907b9e0d4c264ad5cfcf3baba2c2551806122f90a83e600005f02aa34
                                                                        • Instruction Fuzzy Hash: 8FD01236B42714A7C214565AB418EAB7BAEDBCD732F04852AF60EC3790CF616C1387D5
                                                                        Function 095473B0 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5b5b1e985db75c7858faac165e27feaaa14d9608d5a00f33dae958747f6e72fc
                                                                        • Instruction ID: 0d667c0eeccf9d9c90ff02c62a88012e0b268767c6933906cdfac40a3aa41d8d
                                                                        • Opcode Fuzzy Hash: 5b5b1e985db75c7858faac165e27feaaa14d9608d5a00f33dae958747f6e72fc
                                                                        • Instruction Fuzzy Hash: 61D01770A0520CEF8B01EFA9EA4199DBBBAEF44214B1041A8D408E3380EB716E409B81
                                                                        Function 07732760 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3273ac27b2a65aa9483064649feefc4660400692188d2a46c9ac0e4232985449
                                                                        • Instruction ID: c34314a22fe9ba0a21897d88d58bd3278ea68c3a8cb050ff814843c9cd1f532a
                                                                        • Opcode Fuzzy Hash: 3273ac27b2a65aa9483064649feefc4660400692188d2a46c9ac0e4232985449
                                                                        • Instruction Fuzzy Hash: F0D0C9325490148FDB06CFA9D892998B7B1AF86304729C1ADD80CDB317CB33A827CF84
                                                                        Function 07732728 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0bb84c2f6becbc3e733d140b540841c3c4721c5df85016596a80b5d1083fbf45
                                                                        • Instruction ID: a840feccc36f0ac0d19ab59b74541978f2ac9af1caf049add45efb1cf0c389a8
                                                                        • Opcode Fuzzy Hash: 0bb84c2f6becbc3e733d140b540841c3c4721c5df85016596a80b5d1083fbf45
                                                                        • Instruction Fuzzy Hash: ECD0C972D4120CEFCB00EFF4990449EBBFAEF46250BA045E6D604D7261FE329A149B92
                                                                        Function 077324F0 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9a93acbc4e878603ad272d4daf35053e5fd628db90c7e3de59f37572735f3353
                                                                        • Instruction ID: 733549a4eb95e39d26e38ac49720c5013eff5d852fd00c5b7db3fc637b26aa8d
                                                                        • Opcode Fuzzy Hash: 9a93acbc4e878603ad272d4daf35053e5fd628db90c7e3de59f37572735f3353
                                                                        • Instruction Fuzzy Hash: 2CD0C9355081048FD351CFA9ECD2A98B7B1EF96218328C2EDE459CB7A3CB37A417CA54
                                                                        Function 077318C8 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b7a15e9e23af22f0c4f1cc3ff483f9683ae1fad8d61b0f526e49a210eecdb13a
                                                                        • Instruction ID: db4a649b67be7a1638837dbf6c250359a3488445642f3ad031bd04b64fb133fe
                                                                        • Opcode Fuzzy Hash: b7a15e9e23af22f0c4f1cc3ff483f9683ae1fad8d61b0f526e49a210eecdb13a
                                                                        • Instruction Fuzzy Hash: 9DD05E3180120CEFCB00EFB0950845E7BFAEF4520074004E6990483210FE328A409B81
                                                                        Function 076F9018 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5cf12666c2a2fb9dbc4ef78980c9df45657ca1a6bd94b89d2b955ad97328ff14
                                                                        • Instruction ID: 1f58667e7ae9af13e1db99da28bc09d26451d1b508f5c7e7941770a767775936
                                                                        • Opcode Fuzzy Hash: 5cf12666c2a2fb9dbc4ef78980c9df45657ca1a6bd94b89d2b955ad97328ff14
                                                                        • Instruction Fuzzy Hash: B5D01271215B24ABDA04668DA40D9ADB7ADDB8EA51F004056F50AC3391DFA51D0147D9
                                                                        Function 076F09D8 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c51fb5aab46c7ce1c39b03b3371eb877040b32ac539301f31a7ba9f2fe11753
                                                                        • Instruction ID: 1bc33ca32631ed64526b46073933bbd3b39f76c9c14f2d2d119a37016d3ba1e5
                                                                        • Opcode Fuzzy Hash: 6c51fb5aab46c7ce1c39b03b3371eb877040b32ac539301f31a7ba9f2fe11753
                                                                        • Instruction Fuzzy Hash: 8BD0C971D4220CEFCB00EFF4994449EBBEAEB46200B9045E6D604DB261FE329E159B92
                                                                        Function 083A3BC8 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e1940dc2e6da300507abf2e72f03ab06b20f543ae61348daf6e0c5e476319603
                                                                        • Instruction ID: 86669abfd1efc052b6db4f6bc774bbe3eeb6f3ab17004bafbcdd57964b1e037f
                                                                        • Opcode Fuzzy Hash: e1940dc2e6da300507abf2e72f03ab06b20f543ae61348daf6e0c5e476319603
                                                                        • Instruction Fuzzy Hash: 82D0C971D4520CEFCB01EFF4D90549EBBEAEB86210B9045E6D604D7260FE369A149B92
                                                                        Function 083A40D1 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 98589d26a496b8b8b693cde93ed1a533d5eb23a7e26a0f157d915df4b8238f73
                                                                        • Instruction ID: bb474e835d8cf0caa038f7d35474bcfbc37dfcc20836439e47f026da1c6636b2
                                                                        • Opcode Fuzzy Hash: 98589d26a496b8b8b693cde93ed1a533d5eb23a7e26a0f157d915df4b8238f73
                                                                        • Instruction Fuzzy Hash: 7BD0C93168A2848FC7038A78E4A14D8BF719BA711431D81DAD448DF313CA22580BDB55
                                                                        Function 083A4358 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 85aa5939b7784c8a5b3090c93838ecde1a5c49fbe43c1f9c2180dcad7f73dfb2
                                                                        • Instruction ID: 208cc9c611a17f78f0863bb8e2452820495ebe574fa68c19336cf0c637209636
                                                                        • Opcode Fuzzy Hash: 85aa5939b7784c8a5b3090c93838ecde1a5c49fbe43c1f9c2180dcad7f73dfb2
                                                                        • Instruction Fuzzy Hash: E7D0C971D4120CEFCB00EFF4D90549EBBEAEF86200B9045E6D604DB260FE329A149B92
                                                                        Function 083A07F8 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b2a0213a5739f9da94ced475ba175166106b78dba7118b2ec7f02fba7f514fb3
                                                                        • Instruction ID: 14c48b68b76b5cf83f7b9fd606ea106d15be683bb9e13c555e734b90c20dfd49
                                                                        • Opcode Fuzzy Hash: b2a0213a5739f9da94ced475ba175166106b78dba7118b2ec7f02fba7f514fb3
                                                                        • Instruction Fuzzy Hash: 95D0A93000E3C64FC7032B28E80A8067F38ED43224B060AF6D0848E473C1BEAC89C7A2
                                                                        Function 0954C192 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 91987b8434e70640d885e30c6e4f8c43ebba815476f0789991774bce9742890a
                                                                        • Instruction ID: f86cabff423a5611f213d74c28fd51117c7301c7db1750dcea229c836972b2bd
                                                                        • Opcode Fuzzy Hash: 91987b8434e70640d885e30c6e4f8c43ebba815476f0789991774bce9742890a
                                                                        • Instruction Fuzzy Hash: 84D0E2757000088BCB04DF98E244AEA77B1EBD8329F2000E5D109AB250D630AD058BD1
                                                                        Function 09543268 Relevance: .0, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: af43e2d36d12b05e7435eab1d6fff869af342a18f25d76e411d2be8257a0541a
                                                                        • Instruction ID: f6847921a581b11488c66a0e1340b2610047c056eeeaaefe42889c9b6120d658
                                                                        • Opcode Fuzzy Hash: af43e2d36d12b05e7435eab1d6fff869af342a18f25d76e411d2be8257a0541a
                                                                        • Instruction Fuzzy Hash: 54D0C9763002049FE344EA98D855A65B3EADB98A24B14C429E809C7341EA72FE178A54
                                                                        Function 076F5FC1 Relevance: .0, Instructions: 14COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b9e02763494d2bb3395f0d303db35bb6eb1356a4f0bff7713b6ff78b10d88137
                                                                        • Instruction ID: a696b6564071ebe0093450ae4e12642abe27040dfcb3058cfcd9f2b1b8fb732d
                                                                        • Opcode Fuzzy Hash: b9e02763494d2bb3395f0d303db35bb6eb1356a4f0bff7713b6ff78b10d88137
                                                                        • Instruction Fuzzy Hash: 3CD0C9740687C48FC3024BA9E864A427FB8AE4B96478540DAE599CFA23C220F810CB22
                                                                        Function 076F8EA8 Relevance: .0, Instructions: 14COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: be3ee00821502482a819b1e4620febfacb9f0eca0593129b2e5c7fc8af85b873
                                                                        • Instruction ID: 4442288284d8090ad14b6b9859e8be7a1804512942cb414eb704661333ccd00d
                                                                        • Opcode Fuzzy Hash: be3ee00821502482a819b1e4620febfacb9f0eca0593129b2e5c7fc8af85b873
                                                                        • Instruction Fuzzy Hash: 7CD0C93A045184EFCB42DF60E84AC847F65EF152607418082FA488BA33DB32DA61DB51
                                                                        Function 07737688 Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 636b34809cbacd323597a2aee149bf6daa06633838f0a54ae12bcd1059e90916
                                                                        • Instruction ID: 07d3271f70855dbccb5aa53beeb9cec18daaddba6e47055c6b7a72e99ffe978c
                                                                        • Opcode Fuzzy Hash: 636b34809cbacd323597a2aee149bf6daa06633838f0a54ae12bcd1059e90916
                                                                        • Instruction Fuzzy Hash: E6E07E78A01728CFDBA4DF14C884A99B7B1FB4A310F2085E5D80AA3754DB35AE81CF02
                                                                        Function 0773495F Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9015faaa8eed186a62bddeccfc730e3bd0e464d6860900c705f039dbd1be579f
                                                                        • Instruction ID: a4714f0ee277695e47ecd27c3d9dbffeb24cbb5b84d85b9a34af779721e817aa
                                                                        • Opcode Fuzzy Hash: 9015faaa8eed186a62bddeccfc730e3bd0e464d6860900c705f039dbd1be579f
                                                                        • Instruction Fuzzy Hash: 30D02EB0E00220CBDB00AB90C48076A33B0AB463D0F1004F1C80AA3B82CB384D80CB83
                                                                        Function 076F01F0 Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aefc585908bdea4ca4b7af68017fe865e1573ffef49075b542dcf4ded2caf10b
                                                                        • Instruction ID: 87aa28ed5b1172b369b36d553969bbfa1692431dae04ca4d4438ca2a2067bc1e
                                                                        • Opcode Fuzzy Hash: aefc585908bdea4ca4b7af68017fe865e1573ffef49075b542dcf4ded2caf10b
                                                                        • Instruction Fuzzy Hash: 21D0C9315197848FC3428B68E84A4047BB1AF46660311C0EAE8898BA32C620BC148B86
                                                                        Function 076F8DE1 Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ca6621f27e2d9f5489f99fc491531d1e29a7a38b36960eb1e0201bfd3d8dc3f9
                                                                        • Instruction ID: 47472c1c251d7fad1ef11690dc6f8389cd635d425810927ba4f22a0cd778b8e6
                                                                        • Opcode Fuzzy Hash: ca6621f27e2d9f5489f99fc491531d1e29a7a38b36960eb1e0201bfd3d8dc3f9
                                                                        • Instruction Fuzzy Hash: C9C08C2200EBD88FC703ABE078180E2BF38AD0B02130842D7F088E9467C91855008362
                                                                        Function 076F11A8 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 55442a2dbedc90e67bae3e3a623c9c5bac16473829d7c27ee4a6ce8d13a50e95
                                                                        • Instruction ID: 2cb8092328fb4fe1ff52315c629580a1c1280511701377309b333956dd1a6cd2
                                                                        • Opcode Fuzzy Hash: 55442a2dbedc90e67bae3e3a623c9c5bac16473829d7c27ee4a6ce8d13a50e95
                                                                        • Instruction Fuzzy Hash: 99C08C213040285381063288A0185EE725ECB8A6A4B0000AAA20A83744CE600C0102D6
                                                                        Function 076F5FA0 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cca3e31bf8f9a7509b0231be351861fee2e069464ff5054139834c851d2af7c8
                                                                        • Instruction ID: ba87cce43d9f7acccbc5e0a6a8603b7e516c466e93506665c2b9bfb7a039ada8
                                                                        • Opcode Fuzzy Hash: cca3e31bf8f9a7509b0231be351861fee2e069464ff5054139834c851d2af7c8
                                                                        • Instruction Fuzzy Hash: C7D0122040FBC04EC71353F99469B8ABF788D8315078845CFC4CAC3C13C6246014CB12
                                                                        Function 076F1BE4 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3fec9385abe052787555654afcea74370db7661da2e7c15c4d303abb36e31b32
                                                                        • Instruction ID: 2da7d0f2311fe3d4c960b969ec7ae3e657679c55354d2b8b687c0d9f474cb0f4
                                                                        • Opcode Fuzzy Hash: 3fec9385abe052787555654afcea74370db7661da2e7c15c4d303abb36e31b32
                                                                        • Instruction Fuzzy Hash: 0CD05EF4E00125CFEB049F14D844B5CB7B0FB0A341F4100B9DA57A3240D3705C018E82
                                                                        Function 076F19D2 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: afd4098f522b0b8a03fe923c24eab9295d3da3b46c2727c0fe3f09d403d9ca98
                                                                        • Instruction ID: f573037be0313f4d99158344cb1829135329fd4708c9e094db977d8cdfc4a7b0
                                                                        • Opcode Fuzzy Hash: afd4098f522b0b8a03fe923c24eab9295d3da3b46c2727c0fe3f09d403d9ca98
                                                                        • Instruction Fuzzy Hash: 0CD0C9F5A00612CFEB046F28D458B19B3A5FB097A1F5914B8DA5BA3280DB64E8028E91
                                                                        Function 09545F50 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 72f99a576476b4df86a03c8838b310af93bdfae0519b67d5d6b5d24961846882
                                                                        • Instruction ID: fef563785c192a5f7fd576c12a52cba6cfcfc8e4bb69fe5804a2ea5851f981cc
                                                                        • Opcode Fuzzy Hash: 72f99a576476b4df86a03c8838b310af93bdfae0519b67d5d6b5d24961846882
                                                                        • Instruction Fuzzy Hash: BCD012315403198FCB02BF74E1094197B66FA847083400975E10A8B315DF7999869B8A
                                                                        Function 077327A0 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9168e75b330b216f4593c2b78a3df8815bd38b8043c5216247d508a43bb84a77
                                                                        • Instruction ID: caf2c3c751d3bb2b09e1b1d4ec5dab4948ce8bea23819817b2dada416fd43899
                                                                        • Opcode Fuzzy Hash: 9168e75b330b216f4593c2b78a3df8815bd38b8043c5216247d508a43bb84a77
                                                                        • Instruction Fuzzy Hash: 12C08C3700A6C19FC7028B30D88B4443FA0EE37100328D0D2C009C2113C731D416D701
                                                                        Function 076F7AC8 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                        • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                                                        • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                        • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                                                        Function 09544E18 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                        • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                                                        • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                        • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                                                        Function 09543278 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                        • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                                                        • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                        • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                                                        Function 076F8EB8 Relevance: .0, Instructions: 9COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9360f6c3753071abd6b5a8e86689413885372535260cb3c19a445abdef9116e5
                                                                        • Instruction ID: 740b9759760942d22b17a3cca9430a66c5404184698edbd653c299f37843b55b
                                                                        • Opcode Fuzzy Hash: 9360f6c3753071abd6b5a8e86689413885372535260cb3c19a445abdef9116e5
                                                                        • Instruction Fuzzy Hash: ECC04C39140108EFCB419F55D844C45BBA9FF19770741C051F9494B632C732E960DB50
                                                                        Function 07732770 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                                                        • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                                                        Function 07732500 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                                                        • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                                                        Function 076F6710 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                                                        • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                                                        Function 083A40E0 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                                                        • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                                                        • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                                                        Function 077338E3 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7f9beb5a62e6a8791a043a425c877f6650ccb3566e3789e27c701d021ef2efd1
                                                                        • Instruction ID: 57e8cec8d19fd1a3a412ecae9b935c5f4d5f48ff8b8c30fb6ccf777ea90f4aec
                                                                        • Opcode Fuzzy Hash: 7f9beb5a62e6a8791a043a425c877f6650ccb3566e3789e27c701d021ef2efd1
                                                                        • Instruction Fuzzy Hash: A6C0487060060ACFEB20ABA0E8589AE7B31FB403C5B104564F41296119DA3098869A10
                                                                        Function 076FF3E0 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5a064f353b828c96f2a0042a66e8371bb403a7c1ac6df51c34b3ab02701b05d8
                                                                        • Instruction ID: 880551c520655fba7e28427b77425441639194602d49d4c16c71485b44daddc3
                                                                        • Opcode Fuzzy Hash: 5a064f353b828c96f2a0042a66e8371bb403a7c1ac6df51c34b3ab02701b05d8
                                                                        • Instruction Fuzzy Hash: CAB0123004820E4FCA007B74F50A5447F1CD6452067404131E00D0A1255A7C7D9546D4
                                                                        Function 076F0200 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8ab4bbdd17a120ddc1ef3c4cf224515beb75f8373d4b4482147fda78e6e90976
                                                                        • Instruction ID: 20159973dc6c4478fa717a34ac84a2881d4813b9dc5cbab7339b5de6a68ee492
                                                                        • Opcode Fuzzy Hash: 8ab4bbdd17a120ddc1ef3c4cf224515beb75f8373d4b4482147fda78e6e90976
                                                                        • Instruction Fuzzy Hash: 0DB01231250208CFC300DB6CE444C0033FCAF4DA1431000D0F10C8B331C721FC008A40
                                                                        Function 076F828B Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cc0055066e4002886363794e3e4445ff016631935264cf9903e955f87b8dc2ac
                                                                        • Instruction ID: e3035e1df7ffdbc822d593d919369507016f68dfc9301ef73b291b06a96b9eaf
                                                                        • Opcode Fuzzy Hash: cc0055066e4002886363794e3e4445ff016631935264cf9903e955f87b8dc2ac
                                                                        • Instruction Fuzzy Hash: 27B0123BB400199ACB00D6C8F4504ECFB30EBD4332F004033C300620008B31157AC760
                                                                        Function 076F5F90 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9595624a4e0f29354b960da1d05594d8c04970dc059046f5c46c3cadfcc90daf
                                                                        • Instruction ID: 19ae7ab630e199ca59750321b9417556a7d636762dfce4460639e4203ee02302
                                                                        • Opcode Fuzzy Hash: 9595624a4e0f29354b960da1d05594d8c04970dc059046f5c46c3cadfcc90daf
                                                                        • Instruction Fuzzy Hash: ABB01230140208CFC300DF5DE549C013FECEF08A0434100D0F1088B732C721FC008A51
                                                                        Function 083A0808 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 14328d7c2d9639161a0e69c18ef67fe2927ad243cd0af52a5d114f4989ae00b6
                                                                        • Instruction ID: f13282f23299b799b1381240fb2fda908c85515e3a149bfa0eb37bd1305bb0a8
                                                                        • Opcode Fuzzy Hash: 14328d7c2d9639161a0e69c18ef67fe2927ad243cd0af52a5d114f4989ae00b6
                                                                        • Instruction Fuzzy Hash: B3B0123004820E4FC7006795F90A90DBB2DEAC0324B401A70E00C05D3A9ABE7C984BC4
                                                                        Function 076F6030 Relevance: .0, Instructions: 6COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 60210e8799c255f7d43bf37c47324fdaff56781ef56a4cc419e3a9eecf958bd8
                                                                        • Instruction ID: 7643370001d80c11de7f3fb77b06afddfa6852cf4ec36ac4b989203876315c5e
                                                                        • Opcode Fuzzy Hash: 60210e8799c255f7d43bf37c47324fdaff56781ef56a4cc419e3a9eecf958bd8
                                                                        • Instruction Fuzzy Hash: 5CA02230002B0C8A820832F0A000020338C8880F0C38000B8820C0AAA00833F0A088AA
                                                                        Function 077327B0 Relevance: .0, Instructions: 5COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 58c544ec67851ffc13a129ea617dcbabaa02098adcfb73d1937f6a3feed2679e
                                                                        • Instruction ID: 312b4bf2e74ffe5da9b99be1981ee29bb5a7a72e0cf796fff2a15f32784fbd5b
                                                                        • Opcode Fuzzy Hash: 58c544ec67851ffc13a129ea617dcbabaa02098adcfb73d1937f6a3feed2679e
                                                                        • Instruction Fuzzy Hash: EF902230000E0C8F020033803008800B30CC0200003800080A00C800020AA0E8000080
                                                                        Function 076F3200 Relevance: .0, Instructions: 5COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4d3e9fa41bf0cb354d33b2b7c25b336f47dc24cb964aa80b77fd0249baa1716f
                                                                        • Instruction ID: c4c566cf3a2f7010f28ff92bf8d31f068a6803cf87dad39cba490a9985a0a661
                                                                        • Opcode Fuzzy Hash: 4d3e9fa41bf0cb354d33b2b7c25b336f47dc24cb964aa80b77fd0249baa1716f
                                                                        • Instruction Fuzzy Hash: D9900275044A0C8F898037957409955B75CD5445157804191E50D416065AAAA4545599
                                                                        Function 076F5FB0 Relevance: .0, Instructions: 5COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c468aed94e341a448f4799ff7aaf8437de3c8e90b7e406f3c4cf208088dc28a8
                                                                        • Instruction ID: 9101f13ba6666744dbb01beba019f89d98bd1a2b1b9d85833e24adffe98c6d3d
                                                                        • Opcode Fuzzy Hash: c468aed94e341a448f4799ff7aaf8437de3c8e90b7e406f3c4cf208088dc28a8
                                                                        • Instruction Fuzzy Hash: 1A900231249A0C8F458037D67409956B79CD544515780409AA50D425165B6565144595
                                                                        Function 076F8DF0 Relevance: .0, Instructions: 5COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3f1d2d44183101396224e9c8d446cf344bedab218ac1ae379f34a4ba863f1bba
                                                                        • Instruction ID: 087fab1f2d290119d6f9125fadddd75c2b793e9531c6adf1043f17d5f9412834
                                                                        • Opcode Fuzzy Hash: 3f1d2d44183101396224e9c8d446cf344bedab218ac1ae379f34a4ba863f1bba
                                                                        • Instruction Fuzzy Hash: CF900231445A0CDF4A403796740D996775CD5445277840091B50D415055E5964504595

                                                                        Non-executed Functions

                                                                        Function 083A87DF Relevance: 14.8, Strings: 11, Instructions: 1051COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738959801.00000000083A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_83a0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (_^q$(_^q$,bq$4c^q$4c^q$Hbq$Nv]q$$^q$$^q$c^q$c^q
                                                                        • API String ID: 0-3459267885
                                                                        • Opcode ID: 0fafad1df577f0d0fdd6eaf96a53436ac2a10f8186715bb57055f39e76169456
                                                                        • Instruction ID: 3ff27c4c0418f9ac6075c072f7864f362bb0a7e4318479153960c18e09a7ea21
                                                                        • Opcode Fuzzy Hash: 0fafad1df577f0d0fdd6eaf96a53436ac2a10f8186715bb57055f39e76169456
                                                                        • Instruction Fuzzy Hash: ED728A20F401288FCB5AAB7D445477D6AD3BFCDB41B6048ADD01AEB394EE35DC864B92
                                                                        Function 078CDDC7 Relevance: 11.3, Strings: 8, Instructions: 1348COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738205262.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_78c0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$$^q
                                                                        • API String ID: 0-251387970
                                                                        • Opcode ID: bccefed0e441e1f2cdb83976fa816ed751d2918899966d74f40e70c55cf7e0a5
                                                                        • Instruction ID: 27174e67468eb855d3cec660a12bfe62233f837fb0f697af4eb494bfc67a88f5
                                                                        • Opcode Fuzzy Hash: bccefed0e441e1f2cdb83976fa816ed751d2918899966d74f40e70c55cf7e0a5
                                                                        • Instruction Fuzzy Hash: 59E20770D402289FCB66EF64C950BDDBBB6FF88300F5055E9D108AB268DB355E899F81
                                                                        Function 078CDDD8 Relevance: 11.3, Strings: 8, Instructions: 1342COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738205262.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_78c0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$$^q
                                                                        • API String ID: 0-251387970
                                                                        • Opcode ID: 25924d194f9a970434f99ab6ee63c0e99ff75026a9aadb30ae79568bc885d223
                                                                        • Instruction ID: 1b0a8094f8861b0e40eeec3fc517641677056c1f7112b8343065b93a4c4d177e
                                                                        • Opcode Fuzzy Hash: 25924d194f9a970434f99ab6ee63c0e99ff75026a9aadb30ae79568bc885d223
                                                                        • Instruction Fuzzy Hash: 38E20770D402289FCB66EF64C950BDDBBB6FF88300F5055E9D108AB268DB355E899F81
                                                                        Function 0040CE09 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                        • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                        • String ID:
                                                                        • API String ID: 2579439406-0
                                                                        • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                        • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                        • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                        • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                        Function 00408C60 Relevance: 4.1, Strings: 3, Instructions: 377COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$@$PA
                                                                        • API String ID: 0-3039612711
                                                                        • Opcode ID: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                        • Instruction ID: 284407f43597d2b1529aa5dbb826e4f49811f0ea4eaa41d9cabafce47d44ff82
                                                                        • Opcode Fuzzy Hash: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                        • Instruction Fuzzy Hash: 64E159316083418FC724DF28C58066BB7E1AFD9314F14493EE8C5A7391EB79D949CB8A
                                                                        Function 077318FB Relevance: 4.0, Strings: 3, Instructions: 259COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2738043753.0000000007730000.00000040.00000800.00020000.00000000.sdmp, Offset: 07730000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7730000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TJcq$Te^q$xbaq
                                                                        • API String ID: 0-3225726259
                                                                        • Opcode ID: 5f04991063722dc9d36d989d9e1c4b9d45da7b922c158b844917b28ea1628d7f
                                                                        • Instruction ID: b8474d868bf8f69f42c036d2f6b8371f7df8847b79d391169b42673b64f97654
                                                                        • Opcode Fuzzy Hash: 5f04991063722dc9d36d989d9e1c4b9d45da7b922c158b844917b28ea1628d7f
                                                                        • Instruction Fuzzy Hash: E7A16DB0B106199FDB14DF68C984BADBBF2BF89340F5485A8D419EB355DB30AD46CB80
                                                                        Function 029050F8 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2734337716.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2900000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q
                                                                        • API String ID: 0-2697143702
                                                                        • Opcode ID: 54401be7b3fd5aa7ed71f52f8b177e696948e2753bb06a6aec6076ed77d62cae
                                                                        • Instruction ID: 7f32fa3fd8435ceed75e4dadc85c769b86d07de7836f44fefce9a5a5be558e3e
                                                                        • Opcode Fuzzy Hash: 54401be7b3fd5aa7ed71f52f8b177e696948e2753bb06a6aec6076ed77d62cae
                                                                        • Instruction Fuzzy Hash: 24817B70945204AFD709EF7AE99069EBFB3FFC4310F64C579D0049B268EB3959058B51
                                                                        Function 02905108 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2734337716.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2900000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q
                                                                        • API String ID: 0-2697143702
                                                                        • Opcode ID: f325e60655b32a2ae07588c7caeaa0a6042a3f705ca16285f1095e68b7a362c9
                                                                        • Instruction ID: 0233a38ea94b00bd121f6776f63c2997d5bd8dffcb92e09835b60d21a7f82485
                                                                        • Opcode Fuzzy Hash: f325e60655b32a2ae07588c7caeaa0a6042a3f705ca16285f1095e68b7a362c9
                                                                        • Instruction Fuzzy Hash: B6715770E45204AFD709EF6AE99069ABFE3FFC8310F64C539D0049B268EB3959498F41
                                                                        Function 0040ADB0 Relevance: 2.5, APIs: 2, Instructions: 23memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$FreeProcess
                                                                        • String ID:
                                                                        • API String ID: 3859560861-0
                                                                        • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                        • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                        • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                        • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                        Function 004123F1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                        • Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
                                                                        • Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                        • Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
                                                                        Function 00407C3F Relevance: .8, Instructions: 783COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
                                                                        • Instruction ID: d5e3495c9826dce769b252ea72d1bcaf7b5d46a24141b332915225fd3cdae7ad
                                                                        • Opcode Fuzzy Hash: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
                                                                        • Instruction Fuzzy Hash: 9852A471A047129FC708CF29C99066AB7E1FF88304F044A3EE896E7B81D739E955CB95
                                                                        Function 004073A0 Relevance: .6, Instructions: 633COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
                                                                        • Instruction ID: 17d22deff8d32e931318445bbea846c6b698fa6fcc44f6923348d96d7e24b863
                                                                        • Opcode Fuzzy Hash: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
                                                                        • Instruction Fuzzy Hash: 0A329E70A087029FD318CF29C98472AB7E1BF84304F148A3EE89567781D779E955CBDA
                                                                        Function 00406CA0 Relevance: .4, Instructions: 401COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                        • Instruction ID: cc67e10771130af0a5279b37c8f7fa75a2653c997645fd1ae8a0b8309c7f2627
                                                                        • Opcode Fuzzy Hash: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                        • Instruction Fuzzy Hash: 48E1D6306083514FC708CF28C99456ABBE2EFC5304F198A7EE8D68B386D779D94ACB55
                                                                        Function 076F6D20 Relevance: .3, Instructions: 303COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c86b07c87659bd636bc2eae978eeef8d4146ed80222c7535d24bcd601d39fbc4
                                                                        • Instruction ID: 4e78391779f44a921d052ee0cd8044d390c50a11dccc7b756fb5ccb2539acf61
                                                                        • Opcode Fuzzy Hash: c86b07c87659bd636bc2eae978eeef8d4146ed80222c7535d24bcd601d39fbc4
                                                                        • Instruction Fuzzy Hash: EAB16CB1E1022A9FCB11CBA9D9806ADFBF1FF48310F64866AD556E7205D734E942CB90
                                                                        Function 00402B90 Relevance: .2, Instructions: 212COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                        • Instruction ID: 74c1b90a01db230de662c72faab58802bb742d928f34651097fec506a9751401
                                                                        • Opcode Fuzzy Hash: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                        • Instruction Fuzzy Hash: 15717072A9155347E39CCF5CECD17763713DBC5351F49C23ACA025B6EAC938A922C688
                                                                        Function 076F6D10 Relevance: .2, Instructions: 189COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2737998109.00000000076F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_76f0000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7f6da425be711cfa930c32fcfb12f2c032907380e397785f84c41960ae7614f2
                                                                        • Instruction ID: ed86356094596b7cd9a35690d7a1408bac5f405174c1511ffb4e1fad923c85f4
                                                                        • Opcode Fuzzy Hash: 7f6da425be711cfa930c32fcfb12f2c032907380e397785f84c41960ae7614f2
                                                                        • Instruction Fuzzy Hash: 6A717CB1E0122A9FCB11CFA8C9806EDFBF2FF48310F18866AD555E7205D334A946CB90
                                                                        Function 004028B0 Relevance: .2, Instructions: 184COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                        • Instruction ID: e93c334361593eb17f37b37ed9e80cdb2c00b1b1e1af3e0e9a736190e966ddef
                                                                        • Opcode Fuzzy Hash: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                        • Instruction Fuzzy Hash: 4A615E3266055747E391DF6DEEC47663762EBC9351F18C630CA008B6A6CB39B92297CC
                                                                        Function 00401650 Relevance: .1, Instructions: 111COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                        • Instruction ID: 39afabd8a370e1aacf823bb5b0eb141e0e266d105c364ee31248ba7b153c19f0
                                                                        • Opcode Fuzzy Hash: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                        • Instruction Fuzzy Hash: 2851F94400D7E18EC716873A44E0AA7BFD10FAB115F4E9ACDA5E90B2E3C159C288DB77
                                                                        Function 00402F20 Relevance: .1, Instructions: 103COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                        • Instruction ID: cff114a85fcb8f5deb46d81d22c4208fa3965af46b01a687ebeadebabb5a60ab
                                                                        • Opcode Fuzzy Hash: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                        • Instruction Fuzzy Hash: 9A31D8302052028BE738CE19C954BEBB3B5AFC0349F44883ED986A73C4DABDD945D795
                                                                        Function 00402F89 Relevance: .1, Instructions: 77COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                        • Instruction ID: 40597224e526abc728bb10992f322fa75c91b34d76fbbe6bc80328d1c420bfc2
                                                                        • Opcode Fuzzy Hash: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                        • Instruction Fuzzy Hash: F321923170520247EB68C929C9547ABB3A5ABC0389F48853EC986A73C8DAB9E941D785
                                                                        Function 00417081 Relevance: 31.8, APIs: 21, Instructions: 340COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                        • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,028118C0), ref: 004170C5
                                                                        • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                        • _malloc.LIBCMT ref: 0041718A
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                        • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                        • _malloc.LIBCMT ref: 0041724C
                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                        • __freea.LIBCMT ref: 004172A4
                                                                        • __freea.LIBCMT ref: 004172AD
                                                                        • ___ansicp.LIBCMT ref: 004172DE
                                                                        • ___convertcp.LIBCMT ref: 00417309
                                                                        • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                        • _malloc.LIBCMT ref: 00417362
                                                                        • _memset.LIBCMT ref: 00417384
                                                                        • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                        • ___convertcp.LIBCMT ref: 004173BA
                                                                        • __freea.LIBCMT ref: 004173CF
                                                                        • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                        • String ID:
                                                                        • API String ID: 3809854901-0
                                                                        • Opcode ID: 699406c386ffa869d5cdd020c3adf727bae4a7aedc43fc2fcbe963bd6ef1e29e
                                                                        • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                        • Opcode Fuzzy Hash: 699406c386ffa869d5cdd020c3adf727bae4a7aedc43fc2fcbe963bd6ef1e29e
                                                                        • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                        Function 09548D21 Relevance: 14.0, Strings: 11, Instructions: 296COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq$HgBl$HgBl$HgBl$HgBl$#{Wi^$3{Wi^$C{Wi^$S{Wi^$fBl$fBl
                                                                        • API String ID: 0-3061780014
                                                                        • Opcode ID: bdffab89610ce7da4bf1e676fa1a1a457b253b3f3020fde20f4447a7caffa4fa
                                                                        • Instruction ID: 2a9ea8cdb0c162dd42492baa38838acda20f06fff8e228de3af5ee54c6032f7c
                                                                        • Opcode Fuzzy Hash: bdffab89610ce7da4bf1e676fa1a1a457b253b3f3020fde20f4447a7caffa4fa
                                                                        • Instruction Fuzzy Hash: D4B1EE707042015FC34A9B3994157AEBBA3EFC6318F18896DC14A9F341DB76EC4A8BD5
                                                                        Function 09548DB8 Relevance: 12.7, Strings: 10, Instructions: 244COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HgBl$HgBl$HgBl$HgBl$#{Wi^$3{Wi^$C{Wi^$S{Wi^$fBl$fBl
                                                                        • API String ID: 0-1268208184
                                                                        • Opcode ID: cb68283446f26df2944e9a1b90ffe3f42ba9e804f6ca6af99b111014f0fe7a3f
                                                                        • Instruction ID: fca014f6e52ecc32d5885fd282655ddf4b2cc30de29671caf690aed73e034e78
                                                                        • Opcode Fuzzy Hash: cb68283446f26df2944e9a1b90ffe3f42ba9e804f6ca6af99b111014f0fe7a3f
                                                                        • Instruction Fuzzy Hash: 5C91BF706042015FC746AB3895156AEBBA3EFC6308F18896DC14D9F341DF76EC4A8BD9
                                                                        Function 004057B0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _malloc.LIBCMT ref: 004057DE
                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                        • _malloc.LIBCMT ref: 00405842
                                                                        • _malloc.LIBCMT ref: 00405906
                                                                        • _malloc.LIBCMT ref: 00405930
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: _malloc$AllocateHeap
                                                                        • String ID: 1.2.3
                                                                        • API String ID: 680241177-2310465506
                                                                        • Opcode ID: 1371ffb49ce3b8dee1113081a69af0fad64233f45308895947edc3c59a7df708
                                                                        • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                        • Opcode Fuzzy Hash: 1371ffb49ce3b8dee1113081a69af0fad64233f45308895947edc3c59a7df708
                                                                        • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                        Function 0040BCC2 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                        • String ID:
                                                                        • API String ID: 3886058894-0
                                                                        • Opcode ID: 61b9ef8a6f765c58139a33a573ef994292dae8fcc9e916c915b81b6d9ebba236
                                                                        • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                        • Opcode Fuzzy Hash: 61b9ef8a6f765c58139a33a573ef994292dae8fcc9e916c915b81b6d9ebba236
                                                                        • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                        Function 0040C73D Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • __lock_file.LIBCMT ref: 0040C6C8
                                                                        • __fileno.LIBCMT ref: 0040C6D6
                                                                        • __fileno.LIBCMT ref: 0040C6E2
                                                                        • __fileno.LIBCMT ref: 0040C6EE
                                                                        • __fileno.LIBCMT ref: 0040C6FE
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                        • String ID: 'B
                                                                        • API String ID: 2805327698-2787509829
                                                                        • Opcode ID: 0562b983a982954f07d72bd2f01eb344b0d1ff129a9d588568d63b7b4b77f5f9
                                                                        • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                        • Opcode Fuzzy Hash: 0562b983a982954f07d72bd2f01eb344b0d1ff129a9d588568d63b7b4b77f5f9
                                                                        • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                        Function 0954BF77 Relevance: 8.8, Strings: 7, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                                                                        • API String ID: 0-3435395042
                                                                        • Opcode ID: f2c88f1da0963043a3509099ce3f465537c1edfa01ba26cb483a5a4db0f270eb
                                                                        • Instruction ID: a1c7a4f325793cffcbbaf1b34d23409560a7bcbd3b98160b2c9516d95dba75b4
                                                                        • Opcode Fuzzy Hash: f2c88f1da0963043a3509099ce3f465537c1edfa01ba26cb483a5a4db0f270eb
                                                                        • Instruction Fuzzy Hash: A331FE30E0410A9FCF09EFA9E9945EDBBB2FFC4704B5045E9C049AB264DF356D4A8B91
                                                                        Function 0954BF88 Relevance: 8.8, Strings: 7, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2740121994.0000000009540000.00000040.00000800.00020000.00000000.sdmp, Offset: 09540000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_9540000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                                                                        • API String ID: 0-3435395042
                                                                        • Opcode ID: 7682c13c0850c4f911893d1f24820ff7276518b84df911819b9c740ca5bd0c0b
                                                                        • Instruction ID: 1504239ba7d1197bc93e27be84c7ba81ae737ac9e3350ed70019d6cb44f9eff2
                                                                        • Opcode Fuzzy Hash: 7682c13c0850c4f911893d1f24820ff7276518b84df911819b9c740ca5bd0c0b
                                                                        • Instruction Fuzzy Hash: 2621D130E4510A9FCF0DEFA5D9945EEBBB2FFC4704B5045A8C0496B264DF346D4A8B91
                                                                        Function 00414738 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • __getptd.LIBCMT ref: 00414744
                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                        • __getptd.LIBCMT ref: 0041475B
                                                                        • __amsg_exit.LIBCMT ref: 00414769
                                                                        • __lock.LIBCMT ref: 00414779
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                        • String ID: @.B
                                                                        • API String ID: 3521780317-470711618
                                                                        • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                        • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                        • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                        • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                        Function 00413FCC Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • __getptd.LIBCMT ref: 00413FD8
                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                        • __amsg_exit.LIBCMT ref: 00413FF8
                                                                        • __lock.LIBCMT ref: 00414008
                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                        • InterlockedIncrement.KERNEL32(02811660), ref: 00414050
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                        • String ID:
                                                                        • API String ID: 4271482742-0
                                                                        • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                        • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                        • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                        • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                        Function 0040FA58 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: __calloc_crt
                                                                        • String ID: P$B$`$B
                                                                        • API String ID: 3494438863-235554963
                                                                        • Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                        • Instruction ID: 4bdca0f49684ef71ac3198dcc3f656e5d5ce7fed137673697bf40858e87bd1f9
                                                                        • Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                        • Instruction Fuzzy Hash: 6011A3327446115BE7348B1DBD50F662391EB84728BA4423BE619EA7E0E77CD8864A4C
                                                                        Function 00413610 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                        • API String ID: 1646373207-3105848591
                                                                        • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                        • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                        • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                        • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                        Function 004146FA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • ___addlocaleref.LIBCMT ref: 0041470C
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(00000001), ref: 004145E4
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145F1
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145FE
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041460B
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414618
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414634
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414644
                                                                          • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041465A
                                                                        • ___removelocaleref.LIBCMT ref: 00414717
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 0041467B
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414688
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414695
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146A2
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146AF
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146CB
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(00000000), ref: 004146DB
                                                                          • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146F1
                                                                        • ___freetlocinfo.LIBCMT ref: 0041472B
                                                                          • Part of subcall function 00414489: ___free_lconv_mon.LIBCMT ref: 004144CF
                                                                          • Part of subcall function 00414489: ___free_lconv_num.LIBCMT ref: 004144F0
                                                                          • Part of subcall function 00414489: ___free_lc_time.LIBCMT ref: 00414575
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: Interlocked$DecrementIncrement$___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                                        • String ID: @.B
                                                                        • API String ID: 467427115-470711618
                                                                        • Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                        • Instruction ID: 8e9b8205a585dc9325c25650a27042e0212317e7447dcce9b0fe23aa5a8dd77f
                                                                        • Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                        • Instruction Fuzzy Hash: BDE0863250192255CE35261D76806EF93A98FD3725B3A017FF864AF7D8EB2C4CC0809D
                                                                        Function 0040C748 Relevance: 6.1, APIs: 4, Instructions: 148COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • __fileno.LIBCMT ref: 0040C77C
                                                                        • __locking.LIBCMT ref: 0040C791
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                        • String ID:
                                                                        • API String ID: 2395185920-0
                                                                        • Opcode ID: 0afeae9b27a86c2abe0b3397de8921379debd9150d07dd18b85413c6fc1de43d
                                                                        • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                                        • Opcode Fuzzy Hash: 0afeae9b27a86c2abe0b3397de8921379debd9150d07dd18b85413c6fc1de43d
                                                                        • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                                        Function 00405D00 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: _fseek_malloc_memset
                                                                        • String ID:
                                                                        • API String ID: 208892515-0
                                                                        • Opcode ID: e2021bf9677ac04d29097cd60d098293ca774abcf3d3e4afca42f73e68fb5c2d
                                                                        • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                        • Opcode Fuzzy Hash: e2021bf9677ac04d29097cd60d098293ca774abcf3d3e4afca42f73e68fb5c2d
                                                                        • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                        Function 0041529F Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                        • __isleadbyte_l.LIBCMT ref: 00415307
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000083,?,?,00000000,?,?,?), ref: 00415338
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000083,00000001,?,00000000,?,?,?), ref: 004153A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                        • String ID:
                                                                        • API String ID: 3058430110-0
                                                                        • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                        • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                        • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                        • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                        Function 004134DB Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2732907579.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2732885309.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732933421.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732954654.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732973406.0000000000426000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2732993326.0000000000A31000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2733157500.0000000000A32000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_NL Hybrid.jbxd
                                                                        Similarity
                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                        • String ID:
                                                                        • API String ID: 3016257755-0
                                                                        • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                        • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                        • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                        • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89