Windows Analysis Report
JuIZye2xKX.exe

Overview

General Information

Sample name: JuIZye2xKX.exe (renamed because original name is a hash value)
Original sample name: 34fe14a66b789140c2d42bb2d1231092ab9bb7b5a6285610840d980a5bcd3d31.exe
Analysis ID: 1588897
MD5: bac3a84a01a938c623024c8d5b45ecc0
SHA1: 50c8cf4a479cb0afdd911ba0fd506b442d1706bc
SHA256: 34fe14a66b789140c2d42bb2d1231092ab9bb7b5a6285610840d980a5bcd3d31
Tags: AgentTesla, exe, user-adrian__luca

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • JuIZye2xKX.exe (PID: 6460 cmdline: "C:\Users\user\Desktop\JuIZye2xKX.exe" MD5: BAC3A84A01A938C623024C8D5B45ECC0)
    • JuIZye2xKX.exe (PID: 4560 cmdline: "C:\Users\user\Desktop\JuIZye2xKX.exe" MD5: BAC3A84A01A938C623024C8D5B45ECC0)
    • JuIZye2xKX.exe (PID: 5812 cmdline: "C:\Users\user\Desktop\JuIZye2xKX.exe" MD5: BAC3A84A01A938C623024C8D5B45ECC0)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alltoursegypt.com", "Username": "admin@alltoursegypt.com", "Password": "OPldome23#12klein"}
Source | Rule | Description | Author | Strings
00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.4585576605.0000000003371000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000002.4585576605.0000000003371000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
0.2.JuIZye2xKX.exe.446caa8.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.JuIZye2xKX.exe.446caa8.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0.2.JuIZye2xKX.exe.446caa8.2.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
  • 0x330db:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x3314d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x331d7:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x33269:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x332d3:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x33345:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x333db:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3346b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.JuIZye2xKX.exe.3914448.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.JuIZye2xKX.exe.3914448.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

                    System Summary

                    Source: Network Connection | Author: frack113 | Data: DestinationIp: 192.254.186.165, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\JuIZye2xKX.exe, Initiated: true, ProcessId: 5812, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49716
                    No Suricata rule has matched

                    AV Detection

                    Source: JuIZye2xKX.exe | Avira: detected
                    Source: 0.2.JuIZye2xKX.exe.3914448.1.raw.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alltoursegypt.com", "Username": "admin@alltoursegypt.com", "Password": "OPldome23#12klein"}
                    Source: JuIZye2xKX.exe | ReversingLabs: Detection: 71%
                    Source: JuIZye2xKX.exe | Virustotal: Detection: 74%
                    Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: JuIZye2xKX.exe | Joe Sandbox ML: detected
                    Source: JuIZye2xKX.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49713 version: TLS 1.2
                    Source: JuIZye2xKX.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: HucC.pdb source: JuIZye2xKX.exe
                    Source: Binary string: HucC.pdbSHA256 source: JuIZye2xKX.exe

                    Networking

                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.43ec088.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.436b668.3.raw.unpack, type: UNPACKEDPE
                    Source: global traffic | TCP traffic: 192.168.2.6:50319 -> 1.1.1.1:53
                    Source: Joe Sandbox View | IP Address: 172.67.74.152
                    Source: Joe Sandbox View | IP Address: 192.254.186.165
                    Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
                    Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknown | DNS query: name: api.ipify.org
                    Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
                    Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
                    Source: global traffic | DNS traffic detected: DNS query: mail.alltoursegypt.com
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://alltoursegypt.com
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.alltoursegypt.com
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006B24000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r10.i.lencr.org/01
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006B24000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r10.o.lencr.org0#
                    Source: JuIZye2xKX.exe, 00000000.00000002.2164922964.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003321000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006AE4000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006AE4000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: JuIZye2xKX.exe, 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: JuIZye2xKX.exe, 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003321000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003321000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003321000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49713 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\JuIZye2xKX.exe

                    System Summary

                    Source: 0.2.JuIZye2xKX.exe.446caa8.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 0.2.JuIZye2xKX.exe.3914448.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 4.2.JuIZye2xKX.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 0.2.JuIZye2xKX.exe.3914448.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 0.2.JuIZye2xKX.exe.43ec088.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 0.2.JuIZye2xKX.exe.446caa8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 0.2.JuIZye2xKX.exe.436b668.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Process Stats: CPU usage > 49%
                    Source: JuIZye2xKX.exe, 00000000.00000002.2164922964.0000000002B3D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename106790a0-b81d-4bde-9832-48ebd9bb7fec.exe4 vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000002.2168517745.0000000007140000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename106790a0-b81d-4bde-9832-48ebd9bb7fec.exe4 vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000002.2168989696.0000000008D60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000000.2130498618.00000000004E2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHucC.exe: vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000002.2163692135.00000000009CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename106790a0-b81d-4bde-9832-48ebd9bb7fec.exe4 vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000004.00000002.4583868355.00000000012F9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exe, 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename106790a0-b81d-4bde-9832-48ebd9bb7fec.exe4 vs JuIZye2xKX.exe
                    Source: JuIZye2xKX.exeBinary or memory string: OriginalFilenameHucC.exe: vs JuIZye2xKX.exe
                    Source: 0.2.JuIZye2xKX.exe.446caa8.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.JuIZye2xKX.exe.3914448.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 4.2.JuIZye2xKX.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.JuIZye2xKX.exe.3914448.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.JuIZye2xKX.exe.43ec088.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.JuIZye2xKX.exe.446caa8.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.JuIZye2xKX.exe.436b668.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: JuIZye2xKX.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@5/1@2/2
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JuIZye2xKX.exe.log
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Mutant created: NULL
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                    Source: JuIZye2xKX.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknown | Process created: C:\Users\user\Desktop\JuIZye2xKX.exe "C:\Users\user\Desktop\JuIZye2xKX.exe"
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Process created: C:\Users\user\Desktop\JuIZye2xKX.exe "C:\Users\user\Desktop\JuIZye2xKX.exe"
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: version.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: vaultcli.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Section loaded: dpapi.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: JuIZye2xKX.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: JuIZye2xKX.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: JuIZye2xKX.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: HucC.pdb source: JuIZye2xKX.exe
                    Source: Binary string: HucC.pdbSHA256 source: JuIZye2xKX.exe
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 0_2_071AD5EA push esi; ret 0_2_071AD5ED
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 0_2_071AED66 push ecx; retf 0_2_071AED67
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 0_2_071ADDE0 push eax; retf 0_2_071ADDE1
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 0_2_07A14F7B pushad ; iretd 0_2_07A14F81
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 0_2_07A1BA98 push esp; iretd 0_2_07A1BAA5
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 0_2_07A148E0 pushad ; retf 0_2_07A148E1
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 0_2_07A14848 push eax; retf 0_2_07A14849
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 4_2_01940C53 push ebx; retf 4_2_01940C52
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 4_2_01940C45 push ebx; retf 4_2_01940C52
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Code function: 4_2_06CFABF9 push ecx; iretd 4_2_06CFAC00
                    Source: JuIZye2xKX.exe, Static PE information: section name: .text entropy: 7.634479443830731
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: JuIZye2xKX.exe PID: 6460, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: F40000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: 28E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: 48E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: 9260000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: A260000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: A490000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: B490000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: B8E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: C8E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: D8E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: 1550000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: 3320000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Memory allocated: 18A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 240000
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239875
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239765
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239656
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239547
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239437
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239325
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239219
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 239094
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238968
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238859
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238750
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238605
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238495
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238375
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238214
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 238094
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237984
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237875
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237766
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237656
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237547
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237438
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237313
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237188
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 237078
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 236969
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 236855
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Window / User API: threadDelayed 1973
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Window / User API: threadDelayed 3503
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Window / User API: threadDelayed 7646
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe, Window / User API: threadDelayed 2142
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -22136092888451448s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -240000s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239875s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239765s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239656s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239547s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239437s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239325s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239219s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -239094s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238968s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238859s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238750s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238605s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238495s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238375s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238214s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -238094s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237984s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237875s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237766s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237656s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237547s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237438s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237313s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237188s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -237078s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -236969s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 6140, Thread sleep time: -236855s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 3392, Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep count: 38 > 30
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -35048813740048126s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 4856, Thread sleep count: 7646 > 30
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99891s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 4856, Thread sleep count: 2142 > 30
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99781s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99672s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99563s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99438s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99313s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99188s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -99078s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -98969s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -98844s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -98735s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -98610s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -98485s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -98360s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536, Thread sleep time: -98235s >= -30000s
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98122s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97852s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97693s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97563s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97453s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97344s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97219s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97095s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96969s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -96110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99953s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99843s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99722s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99593s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99484s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99371s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -99140s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98869s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98734s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98622s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98388s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -98046s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97827s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe TID: 2536Thread sleep time: -97718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Memory written: C:\Users\user\Desktop\JuIZye2xKX.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Process created: C:\Users\user\Desktop\JuIZye2xKX.exe "C:\Users\user\Desktop\JuIZye2xKX.exe"
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Users\user\Desktop\JuIZye2xKX.exe VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.446caa8.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.3914448.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 4.2.JuIZye2xKX.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.3914448.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.43ec088.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.446caa8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.436b668.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000004.00000002.4585576605.0000000003371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: JuIZye2xKX.exe PID: 6460, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: JuIZye2xKX.exe PID: 5812, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\JuIZye2xKX.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.446caa8.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.3914448.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 4.2.JuIZye2xKX.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.3914448.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.43ec088.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.446caa8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.JuIZye2xKX.exe.436b668.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000004.00000002.4585576605.0000000003371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: JuIZye2xKX.exe PID: 6460, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: JuIZye2xKX.exe PID: 5812, type: MEMORYSTR

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | 11 Input Capture | 111 Security Software Discovery | Remote Desktop Protocol | 11 Input Capture | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 141 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 1 Process Discovery | SMB/Windows Admin Shares | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | 2 Data from Local System | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 24 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                    Source | Detection | Scanner | Label | Link
                    JuIZye2xKX.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.InfostealerTesla |
                    JuIZye2xKX.exe | 75% | Virustotal | | Browse
                    JuIZye2xKX.exe | 100% | Avira | HEUR/AGEN.1362915 |
                    JuIZye2xKX.exe | 100% | Joe Sandbox ML | |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    http://alltoursegypt.com | 0% | Avira URL Cloud | safe |
                    http://mail.alltoursegypt.com | 0% | Avira URL Cloud | safe |

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ipify.org | 172.67.74.152 | true | false | | high
                    alltoursegypt.com | 192.254.186.165 | true | true | | unknown
                    mail.alltoursegypt.com | unknown | unknown | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | | high

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://mail.alltoursegypt.comJuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://api.ipify.orgJuIZye2xKX.exe, 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003321000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                              high
                              http://r10.o.lencr.org0#JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006B24000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpfalse
                                high
                                http://r10.i.lencr.org/01JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006B24000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  https://account.dyn.com/JuIZye2xKX.exe, 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                    high
                                    https://api.ipify.org/tJuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003321000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameJuIZye2xKX.exe, 00000000.00000002.2164922964.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003321000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://x1.c.lencr.org/0JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006AE4000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://x1.i.lencr.org/0JuIZye2xKX.exe, 00000004.00000002.4585576605.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4584452312.0000000001643000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4589109989.0000000006AE4000.00000004.00000020.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://alltoursegypt.comJuIZye2xKX.exe, 00000004.00000002.4585576605.0000000003427000.00000004.00000800.00020000.00000000.sdmp, JuIZye2xKX.exe, 00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown

                                            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                            172.67.74.152 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
                                            192.254.186.165 | alltoursegypt.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | true

                                            Joe Sandbox version:42.0.0 Malachite
                                            Analysis ID:1588897
                                            Start date and time:2025-01-11 06:52:42 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 7m 20s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:7
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:JuIZye2xKX.exe
                                            renamed because original name is a hash value
                                            Original Sample Name:34fe14a66b789140c2d42bb2d1231092ab9bb7b5a6285610840d980a5bcd3d31.exe
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@5/1@2/2
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HCA Information:
                                            • Successful, ratio: 100%
                                            • Number of executed functions: 242
                                            • Number of non-executed functions: 28
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 184.28.90.27, 13.107.246.45, 20.12.23.50
                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                            Time | Type | Description
                                            00:53:34 | API Interceptor | 11640241x Sleep call for process: JuIZye2xKX.exe modified
                                                            No context
                                                            Process:C:\Users\user\Desktop\JuIZye2xKX.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):1415
                                                            Entropy (8bit):5.352427679901606
                                                            Encrypted:false
                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                                            MD5:97AD91F1C1F572C945DA12233082171D
                                                            SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                                            SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                                            SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                                            Malicious:true
                                                            Reputation:moderate, very likely benign file
                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):7.6270786173558935
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            File name:JuIZye2xKX.exe
                                                            File size:876'544 bytes
                                                            MD5:bac3a84a01a938c623024c8d5b45ecc0
                                                            SHA1:50c8cf4a479cb0afdd911ba0fd506b442d1706bc
                                                            SHA256:34fe14a66b789140c2d42bb2d1231092ab9bb7b5a6285610840d980a5bcd3d31
                                                            SHA512:76d1de4c8f48e5f1b34995bb2f1c60119bafcc856a532afa291db85f9955b0172d37e2fe34ade7d83027a8d70114a2f92523e30c78e29aa4ed433285119feceb
                                                            SSDEEP:12288:NOs8A6/zwgNhpUgzuwlsxTTo+16jUXbR+6MPku+l0CPPz:EzwEpUgzuwluTtmGFYPd+p
                                                            TLSH:EE15CFC0373AB311CE7CA6708936EDB813652E786010F9E66DDD27D7759DB12AA08F06
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c.ag..............0..T..........fs... ........@.. ....................................@................................
                                                            Icon Hash:00928e8e8686b000
                                                            Entrypoint:0x4d7366
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x67611163 [Tue Dec 17 05:51:31 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd7314 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd8000 | 0x608 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xda000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd5084 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd536c | 0xd5400 | 906e27ecda270ece03ac85bf5d23f87c | False | 0.7956969427754983 | data | 7.634479443830731 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd8000 | 0x608 | 0x800 | b93304a25e4f676a06615523c5b5ed8b | False | 0.33642578125 | data | 3.4176239455487845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xda000 | 0xc | 0x200 | a94c953fef8cdb7b9897911a0f3433c1 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xd8090 | 0x378 | data | | | 0.4313063063063063
RT_MANIFEST | 0xd8418 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 06:53:38.727004051 CET | 49951 | 53 | 192.168.2.6 | 1.1.1.1
Jan 11, 2025 06:53:38.733943939 CET | 53 | 49951 | 1.1.1.1 | 192.168.2.6
Jan 11, 2025 06:53:40.351658106 CET | 60706 | 53 | 192.168.2.6 | 1.1.1.1
Jan 11, 2025 06:53:40.787842035 CET | 53 | 60706 | 1.1.1.1 | 192.168.2.6
Jan 11, 2025 06:53:53.530249119 CET | 53 | 51429 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 06:53:38.727004051 CET | 192.168.2.6 | 1.1.1.1 | 0xdd92 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Jan 11, 2025 06:53:40.351658106 CET | 192.168.2.6 | 1.1.1.1 | 0xd715 | Standard query (0) | mail.alltoursegypt.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 06:53:38.733943939 CET | 1.1.1.1 | 192.168.2.6 | 0xdd92 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 06:53:38.733943939 CET | 1.1.1.1 | 192.168.2.6 | 0xdd92 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 06:53:38.733943939 CET | 1.1.1.1 | 192.168.2.6 | 0xdd92 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 06:53:40.787842035 CET | 1.1.1.1 | 192.168.2.6 | 0xd715 | No error (0) | mail.alltoursegypt.com | alltoursegypt.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 06:53:40.787842035 CET | 1.1.1.1 | 192.168.2.6 | 0xd715 | No error (0) | alltoursegypt.com | | 192.254.186.165 | A (IP address) | IN (0x0001) | false

                                                            • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49713 | 172.67.74.152 | 443 | 5812 | C:\Users\user\Desktop\JuIZye2xKX.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 05:53:39 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2025-01-11 05:53:39 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Sat, 11 Jan 2025 05:53:39 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 9002a5ccce254270-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1554&min_rtt=1551&rtt_var=588&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1852791&cwnd=225&unsent_bytes=0&cid=d0bfc65e245eb576&ts=177&x=0"
2025-01-11 05:53:39 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jan 11, 2025 06:53:41.472368956 CET | 587 | 49716 | 192.254.186.165 | 192.168.2.6 | 220-gator3170.hostgator.com ESMTP Exim 4.96.2 #2 Fri, 10 Jan 2025 23:53:41 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Jan 11, 2025 06:53:41.472559929 CET | 49716 | 587 | 192.168.2.6 | 192.254.186.165 | EHLO 134349
Jan 11, 2025 06:53:41.622828007 CET | 587 | 49716 | 192.254.186.165 | 192.168.2.6 | 250-gator3170.hostgator.com Hello 134349 [8.46.123.189]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Jan 11, 2025 06:53:41.622994900 CET | 49716 | 587 | 192.168.2.6 | 192.254.186.165 | STARTTLS
Jan 11, 2025 06:53:41.774992943 CET | 587 | 49716 | 192.254.186.165 | 192.168.2.6 | 220 TLS go ahead
Jan 11, 2025 06:53:44.907860041 CET | 587 | 49738 | 192.254.186.165 | 192.168.2.6 | 220-gator3170.hostgator.com ESMTP Exim 4.96.2 #2 Fri, 10 Jan 2025 23:53:44 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Jan 11, 2025 06:53:44.908004999 CET | 49738 | 587 | 192.168.2.6 | 192.254.186.165 | EHLO 134349
Jan 11, 2025 06:53:45.056830883 CET | 587 | 49738 | 192.254.186.165 | 192.168.2.6 | 250-gator3170.hostgator.com Hello 134349 [8.46.123.189]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Jan 11, 2025 06:53:45.056978941 CET | 49738 | 587 | 192.168.2.6 | 192.254.186.165 | STARTTLS
Jan 11, 2025 06:53:45.208250046 CET | 587 | 49738 | 192.254.186.165 | 192.168.2.6 | 220 TLS go ahead

                                                            Target ID:0
                                                            Start time:00:53:34
                                                            Start date:11/01/2025
                                                            Path:C:\Users\user\Desktop\JuIZye2xKX.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\JuIZye2xKX.exe"
                                                            Imagebase:0x4e0000
                                                            File size:876'544 bytes
                                                            MD5 hash:BAC3A84A01A938C623024C8D5B45ECC0
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2165355921.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2165355921.0000000004154000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:3
                                                            Start time:00:53:37
                                                            Start date:11/01/2025
                                                            Path:C:\Users\user\Desktop\JuIZye2xKX.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Users\user\Desktop\JuIZye2xKX.exe"
                                                            Imagebase:0x1d0000
                                                            File size:876'544 bytes
                                                            MD5 hash:BAC3A84A01A938C623024C8D5B45ECC0
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:4
                                                            Start time:00:53:37
                                                            Start date:11/01/2025
                                                            Path:C:\Users\user\Desktop\JuIZye2xKX.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\JuIZye2xKX.exe"
                                                            Imagebase:0xdf0000
                                                            File size:876'544 bytes
                                                            MD5 hash:BAC3A84A01A938C623024C8D5B45ECC0
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4585576605.000000000339C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4583658326.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4585576605.0000000003371000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4585576605.0000000003371000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:false


                                                              Execution Graph

                                                              Execution Coverage:11.9%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:192
                                                              Total number of Limit Nodes:4

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ry$ry$ry
                                                              • API String ID: 0-128149707
                                                              • Opcode ID: 0afea181c19a5cdd4aa1ff27d4c2a7787b758f11b63b88920df91600553bb19e
                                                              • Instruction ID: bdb0a028d7d6485c11a1b3e7883b919ebbf6b3dd2b86b4625342d052d3cdc3b2
                                                              • Opcode Fuzzy Hash: 0afea181c19a5cdd4aa1ff27d4c2a7787b758f11b63b88920df91600553bb19e
                                                              • Instruction Fuzzy Hash: 3AF1AFB5D18246DFCB06CFA5D8814EEFBB2FF4A310B15859AC441AB395D7349A82CF90

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ry$ry$ry
                                                              • API String ID: 0-128149707
                                                              • Opcode ID: 04cee5a7db33ca2e8fa2b4cf6498b9d2dcf33559f2993add1bbeb7febcf08956
                                                              • Instruction ID: b84844d6910f49cb65e0737b5d5ceeae54cc443e149d1dd2b1008af9df94c403
                                                              • Opcode Fuzzy Hash: 04cee5a7db33ca2e8fa2b4cf6498b9d2dcf33559f2993add1bbeb7febcf08956
                                                              • Instruction Fuzzy Hash: C9D16EB8D1434AEFCB0ACFA5C8814AEFBB2FF49311B158555D411AB395D734AA82CF90

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ry$ry$ry
                                                              • API String ID: 0-128149707
                                                              • Opcode ID: d040553cc61b4635ece6337f933a3262cc4abdbc1e112418a47e1991b4c230c9
                                                              • Instruction ID: cd30aba70ac38a1c01f74a6fd29dbc77ba264253cd4f2aa87683482cb55a5c88
                                                              • Opcode Fuzzy Hash: d040553cc61b4635ece6337f933a3262cc4abdbc1e112418a47e1991b4c230c9
                                                              • Instruction Fuzzy Hash: D3C16AB8D1420AEFCB09CFA5C4858AEFBB2FF89311F118555D415AB394D734AA82CF94

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0O$0O
                                                              • API String ID: 0-234839962
                                                              • Opcode ID: 8a23936b26876e2786752b334666ec5236ac8e97dca6e072ec959fe686691409
                                                              • Instruction ID: cb5375264e3c99bcf4c304de05ba2fc2a0b258b7470d18f36cb29d0fe304a4eb
                                                              • Opcode Fuzzy Hash: 8a23936b26876e2786752b334666ec5236ac8e97dca6e072ec959fe686691409
                                                              • Instruction Fuzzy Hash: E73279B8B012058FDB58EB69C950BAEBBF6AF89300F14446EE505DB3A1DB35ED01CB51

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TuA$UC;"
                                                              • API String ID: 0-2071649361
                                                              • Opcode ID: 7091174336466b52a0c0d2b63785f876269a614ceb7a2cfb819e484d1b9dcc84
                                                              • Instruction ID: cd0c651532a1b689963bbe148b90c3d865508904eee17799053b1033dd5cd0da
                                                              • Opcode Fuzzy Hash: 7091174336466b52a0c0d2b63785f876269a614ceb7a2cfb819e484d1b9dcc84
                                                              • Instruction Fuzzy Hash: F291FBB4D25609EFCB08CFE6E58199EFBB6FF89350F10942AE415AB2A4D7309542CF50

                                                              Control-flow Graph



                                                              Control-flow Graph

[Control-flow graph not reproduced. Call shown in the graph: GetModuleHandleW]
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164515583.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_f40000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0O$0O
                                                              • API String ID: 0-234839962

                                                              APIs
                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074CA886
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0

                                                              APIs
                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074CA886
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0

                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 00F459C9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164515583.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_f40000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 00F459C9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164515583.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_f40000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0

                                                              Control-flow Graph

                                                              APIs
                                                              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 071A00D7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: DrawText
                                                              • String ID:
                                                              • API String ID: 2175133113-0

                                                              Control-flow Graph

                                                              APIs
                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 074CA458
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              APIs
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 074CA538
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessRead
                                                              • String ID:
                                                              • API String ID: 1726664587-0
                                                              APIs
                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 074CA458
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 074C9EAE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              APIs
                                                              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 071A00D7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: DrawText
                                                              • String ID:
                                                              • API String ID: 2175133113-0
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F4D76E,?,?,?,?,?), ref: 00F4D82F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164515583.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_f40000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F4D76E,?,?,?,?,?), ref: 00F4D82F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164515583.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_f40000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              APIs
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 074CA538
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessRead
                                                              • String ID:
                                                              • API String ID: 1726664587-0
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 074C9EAE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 074C9F76
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 071ADA83
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 071ADA83
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 074C9F76
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              APIs
                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 074CCABD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: MessagePost
                                                              • String ID:
                                                              • API String ID: 410705778-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 00F4B546
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164515583.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_f40000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              APIs
                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 074CCABD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168774586.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_74c0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: MessagePost
                                                              • String ID:
                                                              • API String ID: 410705778-0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \M
                                                              • API String ID: 0-646758380
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0O
                                                              • API String ID: 0-3494374699
                                                              APIs
                                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,071A2BB9,?,?), ref: 071A2D60
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID:
                                                              • API String ID: 2962429428-0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \M
                                                              • API String ID: 0-646758380
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 41a3fa736f9cb44cb793b76b484bd0c0f72dd84b2ee7a70cde2a3a2216162498
                                                              • Instruction ID: c5e36d42356ec0f0a6243a9a6ec598a4cd15b989dfb35ea8a22bad412fda60f1
                                                              • Opcode Fuzzy Hash: 41a3fa736f9cb44cb793b76b484bd0c0f72dd84b2ee7a70cde2a3a2216162498
                                                              • Instruction Fuzzy Hash: E1418471920609DFDB00EFA8D954ADDBBB5FF49310F10C129E85577250EB34AA88CFA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b82a7f7e7166cc2f13587922f4fe56ca60d98a399db43410cede428094a33e7e
                                                              • Instruction ID: 4f54a68b25eaee7a40c363137048b14fb5d3c368772ae202f084195e42b44f13
                                                              • Opcode Fuzzy Hash: b82a7f7e7166cc2f13587922f4fe56ca60d98a399db43410cede428094a33e7e
                                                              • Instruction Fuzzy Hash: BD4139B1610B058FE734DF38D58575BBBF1FB85210F144A29E0AACB640C774E8858B91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 97d82be3168ef1b7160dff113bf219159b8284ac7dc329217c25404b9f163230
                                                              • Instruction ID: 4244a42886fb89e2be03f79e6faa9e77da7b599a23c126b8e1f1d70d01c7bfad
                                                              • Opcode Fuzzy Hash: 97d82be3168ef1b7160dff113bf219159b8284ac7dc329217c25404b9f163230
                                                              • Instruction Fuzzy Hash: 64318DB57046008FDB05DF28C89496D7BF6EF8A700B1541AAE912CB372DB30DD01CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e396ea1b97fb54a969004db481a586f50e64edb7dcb83f2869d71e325de2558b
                                                              • Instruction ID: f474d3fc64e8b45b90f67293b597f6ad67c6e3d0a3bc1c822c77e731c2a5dad0
                                                              • Opcode Fuzzy Hash: e396ea1b97fb54a969004db481a586f50e64edb7dcb83f2869d71e325de2558b
                                                              • Instruction Fuzzy Hash: 8B3104B2300601CBEB29DF2CC8851AA7F71EFD2304F24896CE4669B385C73AD956C791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 749fd5e132085cf91b4ed49c5638c6ccc3750438e67a3bf7eb0c9d8b7a77b730
                                                              • Instruction ID: e1fcb8ddcfbd1457228c6c501164765b54da2bdf0279610ceb68685098c05fcb
                                                              • Opcode Fuzzy Hash: 749fd5e132085cf91b4ed49c5638c6ccc3750438e67a3bf7eb0c9d8b7a77b730
                                                              • Instruction Fuzzy Hash: BF314B76A0421A8BEF14CE69C4847EEB7F1FF88311F05852AE854E7280DB38D9858B60
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e0b349be374fb767ab1e4cb331b632f0caff845bc73ec58808f5c17c6a93a04d
                                                              • Instruction ID: dab8fe4410d3ac6ef3a24c3a5d5fb7aac245cf0d6ecd8a99d27e45233da7abbe
                                                              • Opcode Fuzzy Hash: e0b349be374fb767ab1e4cb331b632f0caff845bc73ec58808f5c17c6a93a04d
                                                              • Instruction Fuzzy Hash: D031E4B2704341CFEB19DF38C88109A7F71EF92304B2489ADD0659B292D73AD95AC791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c2e9b1fcd914fcb02cb147c0ccfe56db5511fa5d1f5d0421d0fe60f89c2cec57
                                                              • Instruction ID: a8560887f125b89cc6f9a12f952eae4456d83d47e3f2d0c64d12b770657280d9
                                                              • Opcode Fuzzy Hash: c2e9b1fcd914fcb02cb147c0ccfe56db5511fa5d1f5d0421d0fe60f89c2cec57
                                                              • Instruction Fuzzy Hash: 3E31E6B1305391CFE7269B3489605667BF7AFC620874984AEC992CB3D6EB35EC05C711
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f032c2d1c6638fe526b62a4e2792a328734afa3740f856c72d29402f30826c3a
                                                              • Instruction ID: 2f2cfe23fd4d42b915ebc995ce6784b5a238065945904f1c650afcba10f2af41
                                                              • Opcode Fuzzy Hash: f032c2d1c6638fe526b62a4e2792a328734afa3740f856c72d29402f30826c3a
                                                              • Instruction Fuzzy Hash: 1321BDB67006418FEF19EB6CD41496E37EAAFC972471540AAE919CB370EE31DC01CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9183e8577d2b4db3048592ed28ced0b21e5be6dd5a1b89be8d9c2b7db1484651
                                                              • Instruction ID: e692935e61c59b23c8e2813f5e115efc1071155c26eff2d43029bae5875a60e0
                                                              • Opcode Fuzzy Hash: 9183e8577d2b4db3048592ed28ced0b21e5be6dd5a1b89be8d9c2b7db1484651
                                                              • Instruction Fuzzy Hash: 5F310579A20219DFDB14DFA9E884DADB7F5FF89700F1181A9E915AB720C730A800CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 45635d55288a1656da0e68afef5e38062b74c529609bc70f9e209e30f5a44e22
                                                              • Instruction ID: f5b805ecb421fcc7a4964477b9797f0e24dd4ba478aeee5fcbd86a1106f81c46
                                                              • Opcode Fuzzy Hash: 45635d55288a1656da0e68afef5e38062b74c529609bc70f9e209e30f5a44e22
                                                              • Instruction Fuzzy Hash: 012103B77006118FEB24CB69C8A157E77E6EBC8351B288069D596C32A5CA34F981CB51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9e795b18756a4a0fa776b038c49295cf6dc2e67d8f110f8be94e4bc6dc1c891d
                                                              • Instruction ID: dd9380ca80cca9439fb9a2c4e859a9a60c6a3703d42157039f4cc491e115b83b
                                                              • Opcode Fuzzy Hash: 9e795b18756a4a0fa776b038c49295cf6dc2e67d8f110f8be94e4bc6dc1c891d
                                                              • Instruction Fuzzy Hash: 7F2131B67002114FFB248B29C8915BF77E6EBC4210B288069D556C3360CA34F881CBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 708ba66601959dd18636b228c150dd5cdaddf0e3bc99dd1916467acf5502fe38
                                                              • Instruction ID: 7025041b9bd12f2e869c8d49f90503cd0caf8d51e28552bdfef6fc2d22685fd4
                                                              • Opcode Fuzzy Hash: 708ba66601959dd18636b228c150dd5cdaddf0e3bc99dd1916467acf5502fe38
                                                              • Instruction Fuzzy Hash: 7D2171B1A00219DFEB14DF69C8447AABBF5FF89360F15C265E828DB290DB358D41CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 08b1f1534bea35678c67dae380cf55e43532dd913a2985d318a565ee591a8ddb
                                                              • Instruction ID: 32fbbf9c1d4c7a53b524be0f664ab9f7861b57d6c23b4110fed8cbb22576701c
                                                              • Opcode Fuzzy Hash: 08b1f1534bea35678c67dae380cf55e43532dd913a2985d318a565ee591a8ddb
                                                              • Instruction Fuzzy Hash: FF21B2B1610B059BE734DF38D586B17B7F6FB85210F040E29E1BACB600D774E8898B91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164231131.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_ead000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fd770c66d2b892dc0444a7c986da8118906b794f3ed938f178396151e535f5cb
                                                              • Instruction ID: f0709ccb6f01101b8e52cbe690929c2e6e6136f5d895f982f21a0d37c78e926f
                                                              • Opcode Fuzzy Hash: fd770c66d2b892dc0444a7c986da8118906b794f3ed938f178396151e535f5cb
                                                              • Instruction Fuzzy Hash: 6E213376508244DFCB04DF14D9C0B2ABF65FBD9328F208169E90A1E656C336E816CAA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 545548ab50f6107cad9e9df4a87db5ee7af7a8b6bdbe93de46e829e10c3dd979
                                                              • Instruction ID: adb2595048ddcd9b90519ae4618576115b897835cb9bc04715b9c5749cf363f7
                                                              • Opcode Fuzzy Hash: 545548ab50f6107cad9e9df4a87db5ee7af7a8b6bdbe93de46e829e10c3dd979
                                                              • Instruction Fuzzy Hash: A121F376701201DFD7249B58E890B2AB7E2FFC9320B14843FE919DB740DA31EC458B91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0ffe9671a9b6bccc5c35fe43e898c0e414d245f82cd73cfb1a789a63f66ce194
                                                              • Instruction ID: b4ce2c3ed8b79801e2c121957fffdea00ff8656c59682ccb615e7863ccac5d5e
                                                              • Opcode Fuzzy Hash: 0ffe9671a9b6bccc5c35fe43e898c0e414d245f82cd73cfb1a789a63f66ce194
                                                              • Instruction Fuzzy Hash: E82108B1E0564ACFDB027FA8E9860BEFF75FF41211F000995E5C0B2094EB3108A98B81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9c28d4b45adc393a74bb9b2b3f551d905f3e4da24f8a1b20a65c2d1d759af927
                                                              • Instruction ID: 1e9d9012336ef16dacd26d562c57dc46cbd7f57b90193ea83666523551d08ee4
                                                              • Opcode Fuzzy Hash: 9c28d4b45adc393a74bb9b2b3f551d905f3e4da24f8a1b20a65c2d1d759af927
                                                              • Instruction Fuzzy Hash: DB219DB57002118FEB24DF19D980B6A77A6FBC8720F00842EEA5687790DB71EC41DB50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4c20bf8d6644bcdfe0c0139c8b4284107c3305747f1faedee66b9be2c29618d7
                                                              • Instruction ID: b0f96830f9931a190e5e05efffa49107b4ec933174d982ddab08250735094c3c
                                                              • Opcode Fuzzy Hash: 4c20bf8d6644bcdfe0c0139c8b4284107c3305747f1faedee66b9be2c29618d7
                                                              • Instruction Fuzzy Hash: CB21AC703016118FE7199B29C854B2A37E5FF86715B1480BEE916CB3B1DBB1DC02CB50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 493eb29d1d48f03c3dc93d9ad71bd1d1b2f8ab307f9f2806975e22930a76c3b8
                                                              • Instruction ID: a33aca3f4e038bdbc83360ebecfae4cd4624fdebdd11d07439f3bfcb638ea232
                                                              • Opcode Fuzzy Hash: 493eb29d1d48f03c3dc93d9ad71bd1d1b2f8ab307f9f2806975e22930a76c3b8
                                                              • Instruction Fuzzy Hash: 482179743012118FE758AB29C854A6A77E9FFC5614B20807DE516CB3A1DFB1EC42CB50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a406b0506dc5a5766fc4393e4d8c42e579702c24684c9f463097a9c8e34718dc
                                                              • Instruction ID: 795c6f7e6b1c82417aa3cf05522ecffec9a34edf309a94c703fe993c73ac6436
                                                              • Opcode Fuzzy Hash: a406b0506dc5a5766fc4393e4d8c42e579702c24684c9f463097a9c8e34718dc
                                                              • Instruction Fuzzy Hash: 8C21B372D00609CBEB189F64D4156EDBBB2FF88311F14C529E4157B280DB759949CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164308549.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_ebd000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • Opcode Fuzzy Hash: d494274778852a781be3b25708f2eefa245bb561fa4576c6c301b1fc2918c977
                                                              • Instruction Fuzzy Hash: 8111CBB5E0011A9F8B44DFADC8409AEFBF5FF8C310B10816AE918E7315E7309911CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 81679506c41697629c0f18da538c5906b0435d87d13597606e51a2fa45c5564a
                                                              • Instruction ID: fc50060b985a9409672080bd283dbd4cae093d1a4c57f5f000d7c9aebe4e49b3
                                                              • Opcode Fuzzy Hash: 81679506c41697629c0f18da538c5906b0435d87d13597606e51a2fa45c5564a
                                                              • Instruction Fuzzy Hash: E81104303087115BEB14BB2CD8167AB7AD6AB85308F10885DE5899F7C3CEFA58465BE1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 376853db85a8bba2903409ac0c62bc76fd2acf0ef943e65e8f85e940564c02b6
                                                              • Instruction ID: 473c9cf31a75851cc7c8293a6d3850dd925d573540efcfcabb7fa3369ac918ff
                                                              • Opcode Fuzzy Hash: 376853db85a8bba2903409ac0c62bc76fd2acf0ef943e65e8f85e940564c02b6
                                                              • Instruction Fuzzy Hash: 98114C7190F3D09FCB138BB49864498BFB1EF8321131A85DBD4A5DB1A3C6398D5ACB12
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc6c814c3470e95d9d199a0b72b6d67f29fafd5fbcc75fa7913529b72b483496
                                                              • Instruction ID: ccc8507327b5f92d9056e860ed015912c9dbf4c6e214907645cd600c3ecff13e
                                                              • Opcode Fuzzy Hash: dc6c814c3470e95d9d199a0b72b6d67f29fafd5fbcc75fa7913529b72b483496
                                                              • Instruction Fuzzy Hash: 561161B5B0060A9FDF55DF69C884AAE7BF5FF88610F148429E924D7350DB30D910CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 203453cd0513f3c72002625767b01709a6e65747f712ae41ee1e9c4c3f2e8e27
                                                              • Instruction ID: 4b1408bc2a4199cc62f42b1dcb57237cbb17df1ddd6c769e368c97fd88edd42d
                                                              • Opcode Fuzzy Hash: 203453cd0513f3c72002625767b01709a6e65747f712ae41ee1e9c4c3f2e8e27
                                                              • Instruction Fuzzy Hash: 3111C03090134AEFCB09EFB4E85AA9DBFB5EB45300F0041A9E855AB351DA341A09CB41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 679c95972926f07116fe9647ac691e0ee05e4ff5d3c65925545b6cb506d9c9f5
                                                              • Instruction ID: df83c72b0ae125ba2484f98a0919edd77bf8c7997d3ced5197d315918b87339f
                                                              • Opcode Fuzzy Hash: 679c95972926f07116fe9647ac691e0ee05e4ff5d3c65925545b6cb506d9c9f5
                                                              • Instruction Fuzzy Hash: 5E01F5303047115BE714B62CD8157AA7AC6AB84308F10855DE1898F7C2CEFA68455BE1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 30fe3654804cc8244b6bb911f920ae5fc64606824ddcd7b3a271467f0b294616
                                                              • Instruction ID: 27c3261a2abd9d2ace4cf6f47ea69fbeef99e51e3ea630d660bd17b36df06790
                                                              • Opcode Fuzzy Hash: 30fe3654804cc8244b6bb911f920ae5fc64606824ddcd7b3a271467f0b294616
                                                              • Instruction Fuzzy Hash: BB01F2B260410D9BDF119B88D9547BF3B69EF85315F18C01AE62A8A242C736C493D7E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3a4a629dbdb6917ef4b0e545ae0db846fcdc9c0a4f9131582ae478d9f39b30de
                                                              • Instruction ID: eea3836717a71400c3215ce1d579b8d9585b5bedac1dc6352034ec2dc5c819f5
                                                              • Opcode Fuzzy Hash: 3a4a629dbdb6917ef4b0e545ae0db846fcdc9c0a4f9131582ae478d9f39b30de
                                                              • Instruction Fuzzy Hash: CC01F7702002118FEF18AB29DC20A2B7BA5AFC1721F18C46DD9158B241DF71DC46CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc42909aab8f1ec7cb116a0da5933b02ecebdd66a4ead605404cd8cc1106f4b1
                                                              • Instruction ID: 91da458332aa289b43246d13b6880a834978f36878fd5e73cc25cf49216d4787
                                                              • Opcode Fuzzy Hash: dc42909aab8f1ec7cb116a0da5933b02ecebdd66a4ead605404cd8cc1106f4b1
                                                              • Instruction Fuzzy Hash: 9801F9B03002158FEF18AB7AC82092B7BAAAFC1B20724D57DD5168B241DF70DC02CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164231131.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_ead000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 92e5735edc89c3f7c3228852b8ac008540e06e6aa473e181018811ac611dec20
                                                              • Instruction ID: c9773fe480634e8d4637263ffdaf756c70248b1cf25b738cedcea8deca6e5273
                                                              • Opcode Fuzzy Hash: 92e5735edc89c3f7c3228852b8ac008540e06e6aa473e181018811ac611dec20
                                                              • Instruction Fuzzy Hash: B801F77100C3449AE7148B15DD84B66BF98EF46724F18D41BFD0A2E592C6B8A840CA71
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0038b955a8b95294844c5c5bdba440b5b083660f6fb958ae9bf400c2ed21bfb6
                                                              • Instruction ID: 8c3f31331face0596267295bc3f6f98607c53aaf091d83e40c337a630ed325d3
                                                              • Opcode Fuzzy Hash: 0038b955a8b95294844c5c5bdba440b5b083660f6fb958ae9bf400c2ed21bfb6
                                                              • Instruction Fuzzy Hash: D7F062B1360122CBE6189B3AC894A3E37E99FC5A117094069F566C72B0DF11DC02C6A1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5a1431ecbabdd5d068c49a0959ec163c1990811f2df9156319c50a0c34fb73a6
                                                              • Instruction ID: 9cfa38c0c551e82c9e5da057b4f37ca6bbf752629f6e3e7dc8c3f744689deeae
                                                              • Opcode Fuzzy Hash: 5a1431ecbabdd5d068c49a0959ec163c1990811f2df9156319c50a0c34fb73a6
                                                              • Instruction Fuzzy Hash: 7601DF302002018FDF15DB19DC44E2AB7A6EFCA321F24C5BEE90A8B221CB71EC02CB44
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 684f69823efb7ac8fb2a684a4450b323840d825aa141516cb2096aa21d499a50
                                                              • Instruction ID: a08f20ec7a776d84a9c7d57d1df331ca58e0a153823bf78d508bd66070a9940f
                                                              • Opcode Fuzzy Hash: 684f69823efb7ac8fb2a684a4450b323840d825aa141516cb2096aa21d499a50
                                                              • Instruction Fuzzy Hash: F8017C70A181589FEB14DF69D894EEEBFF5AF89300F14405AE511EB361C734D8018B54
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2d31c2bfa178d768cc8aae187a183a094b621a266815bf2896aae350252c2217
                                                              • Instruction ID: 7ae6df449bd9ac919ea8605964a1b1e866c8647e14969a44bc890f4bd57b052b
                                                              • Opcode Fuzzy Hash: 2d31c2bfa178d768cc8aae187a183a094b621a266815bf2896aae350252c2217
                                                              • Instruction Fuzzy Hash: C301D132914B098BC701BF28DC01898BB74EF97321B05436AED84AB351EB34D5A4CBD1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 77548b03fe75d95f6c97c8bd0686f025e12991da61ed7a6da9c07a86eeff23aa
                                                              • Instruction ID: 9c569b2dad31884d573a3859a318b597eefbfe7b4d293154b6154bb7db5f3d0d
                                                              • Opcode Fuzzy Hash: 77548b03fe75d95f6c97c8bd0686f025e12991da61ed7a6da9c07a86eeff23aa
                                                              • Instruction Fuzzy Hash: F7016D703006018FDB15DB29D854D26B7EAEFCA221B14C5BDE51ACB221DBB1EC028B54
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3042c5872af2905488de82c1ed39279a0871d0f5bda146b741f1e2084b14330f
                                                              • Instruction ID: 2d9d3806e0063d63c7d28a5bf636005ff0eb5bf967ed8e38287362225c383693
                                                              • Opcode Fuzzy Hash: 3042c5872af2905488de82c1ed39279a0871d0f5bda146b741f1e2084b14330f
                                                              • Instruction Fuzzy Hash: C2F0F6F1364112CFE7149B35C8A0A6E37E95FC191130940AAF565CB3B1DB24DC43C7A1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0fbd7240d731461b90e1a51331f05a0284d6cd47fe05c5f5c04be78f94cb3bcc
                                                              • Instruction ID: f758c01d15c841e8b2d4ca893f2f429650d6b99cfb168b4b3f51c01bf22885a8
                                                              • Opcode Fuzzy Hash: 0fbd7240d731461b90e1a51331f05a0284d6cd47fe05c5f5c04be78f94cb3bcc
                                                              • Instruction Fuzzy Hash: 7A01C832A14654CFCB11EF69E8948DEFFB4EF8631071442ABE5849B321D7306E05CBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 91e3a173266b02e5fdb1fc2807d15e2639d621b4070ac8e2d222fe0f423e7408
                                                              • Instruction ID: c258a2bc2f6142e8beb35083ff15d329806868c60280857b7348dae23aa75556
                                                              • Opcode Fuzzy Hash: 91e3a173266b02e5fdb1fc2807d15e2639d621b4070ac8e2d222fe0f423e7408
                                                              • Instruction Fuzzy Hash: 89F0B475A06114EFDB14DF69D08446DBBB5EFC576172581A9E42997210CB318C22CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 92d9de3ffef05d48f435c8c6cdc58ca220bf25adcb4ec4d87270c142741c9f22
                                                              • Instruction ID: ebcf90e11cd0e02e09a1056e3e4eaac0f630331201de69f2ce291cfe069c76b7
                                                              • Opcode Fuzzy Hash: 92d9de3ffef05d48f435c8c6cdc58ca220bf25adcb4ec4d87270c142741c9f22
                                                              • Instruction Fuzzy Hash: B0F0C231B043145FDB186B75E85556F7FBAEBC1325F04842EE446CB340CE3498418B91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 623fbaf549be7090c85f8b9e2c679ff194651bf8535e35e590653308bbd658d1
                                                              • Instruction ID: 77d8806550ec7fc4ba261b6db38ab61eafe2139ad534154b944bf3a42ed2fea9
                                                              • Opcode Fuzzy Hash: 623fbaf549be7090c85f8b9e2c679ff194651bf8535e35e590653308bbd658d1
                                                              • Instruction Fuzzy Hash: 1EF09E723185544BC324561CCC1453A3BB6EFDA11270C40FAD015CB722D954CC428350
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 77dc94ccfd0e117cdd45139f4f59bc754dc39ea933fc977b9412d0a5533e9ac1
                                                              • Instruction ID: 022f40e8e90757eeb26c7d74f2bf1cf50acdd38a2d7abad114a41db8617795f7
                                                              • Opcode Fuzzy Hash: 77dc94ccfd0e117cdd45139f4f59bc754dc39ea933fc977b9412d0a5533e9ac1
                                                              • Instruction Fuzzy Hash: E8F0F6739893845FD7029A70C84278A3F31EB13720F0980DBD9508E2A3E2298907D740
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2164231131.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_ead000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d90ea9e297f53dfb6325e619574818e3a72cdb91444f7a532bc463f4c1e28157
                                                              • Instruction ID: f7be388fef8c9be4f9a7304b61f2b5b31f488898219ada09f14749780088fae1
                                                              • Opcode Fuzzy Hash: d90ea9e297f53dfb6325e619574818e3a72cdb91444f7a532bc463f4c1e28157
                                                              • Instruction Fuzzy Hash: FBF0C2714093449EE7148B06DC84B62FF98EF45738F18C45AFD491F682C278AC44CE71
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0ce7d7fbc0927bdcd3b8a964c7496a6c97c3ff268aa3bb523596b453e10a612f
                                                              • Instruction ID: 161b010128e54c6a799e330b23ab739cf4365b0e4d550a36a6fda775769f5bf4
                                                              • Opcode Fuzzy Hash: 0ce7d7fbc0927bdcd3b8a964c7496a6c97c3ff268aa3bb523596b453e10a612f
                                                              • Instruction Fuzzy Hash: 4AE0D87130C75147C326962CEC8154BBFD19FC6311B08456FE9599F162EFA45C068392
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 238b0fc826c8b0613299a1d3caad0e04afea396fa21f4590f964c300a1d70177
                                                              • Instruction ID: a0d3b59470bad1e52201b4985cddbc0949dc05eaef08c2f2e6fb8ee6dcb4148d
                                                              • Opcode Fuzzy Hash: 238b0fc826c8b0613299a1d3caad0e04afea396fa21f4590f964c300a1d70177
                                                              • Instruction Fuzzy Hash: CCD05E2630022857C608B2BD146167F7AABC7C9AA6740802BEA0AE7380DCA59C0243E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c14c04503049206f8263ae24da79867400996275c9cf38f8b74a828a4e488a8e
                                                              • Instruction ID: 3625aaf4599ff0954b4507ce71ab38aa4cb610ca9df6d60e1a0ea11211ded191
                                                              • Opcode Fuzzy Hash: c14c04503049206f8263ae24da79867400996275c9cf38f8b74a828a4e488a8e
                                                              • Instruction Fuzzy Hash: CCE086713013128BE7246778DD10B967BD9EF80355F00057CA61AC7280DE74E8004791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fb4940090f20871a665815f61b959ae865ef6655e63506c91ecc2720abef6fcd
                                                              • Instruction ID: dfdd93f07c8adc8762fc4c7d8f1a10ca1c126a6a8727cafe4443b7ed35b62703
                                                              • Opcode Fuzzy Hash: fb4940090f20871a665815f61b959ae865ef6655e63506c91ecc2720abef6fcd
                                                              • Instruction Fuzzy Hash: 77E02BF23099A44BF70B333055301BE6B154B4181130800AFC07A8F692CD0C0E1BC3DB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6f52af4f15a52a1e676e95285f27e4a78f427e8e824d00f4c9e937f1dbb7d23c
                                                              • Instruction ID: 44c20d0ba7d29d69ec2d5f04ba42c3f6a8ab1ea121b2b0be942078a8a7a014c8
                                                              • Opcode Fuzzy Hash: 6f52af4f15a52a1e676e95285f27e4a78f427e8e824d00f4c9e937f1dbb7d23c
                                                              • Instruction Fuzzy Hash: 31F030B59442859FC710DF64D440E597BF0AB56320F5042DAE8619B3B2D3389986DB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7649752fe89156fd365d8d4be03e6116ffff5d0172d5b9091d3846b6c35c1a1d
                                                              • Instruction ID: 039f8e1dece4b46c4dd4c3549f36d8a725af90b34722263026d2bfd79f8e9123
                                                              • Opcode Fuzzy Hash: 7649752fe89156fd365d8d4be03e6116ffff5d0172d5b9091d3846b6c35c1a1d
                                                              • Instruction Fuzzy Hash: 1DE092310082C9AFCB02CF64D941CAD3FB19A42220B0482CAF840DA293C73956A5E751
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6f72575c0d30c93315f3e1e5e89eb0c4d1ddf945a0852683e4586caf7a926c83
                                                              • Instruction ID: 427e4a0559e8b2806221fa7d7db418935c66e38a85b6d8ec522526ab06c26db2
                                                              • Opcode Fuzzy Hash: 6f72575c0d30c93315f3e1e5e89eb0c4d1ddf945a0852683e4586caf7a926c83
                                                              • Instruction Fuzzy Hash: 7EE08CB66051908FC702DB64D9A0C993FB1AF1A261306409BE140CB376CA20CE61CB40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b9d15488d87681743aed88e1a544ba0c9ac9e3e518b898576e5a07bcdadd3d7c
                                                              • Instruction ID: f442ae30e05c3c24fb874b3adf687ef745999c72192d83ef116dcf53dc0b080d
                                                              • Opcode Fuzzy Hash: b9d15488d87681743aed88e1a544ba0c9ac9e3e518b898576e5a07bcdadd3d7c
                                                              • Instruction Fuzzy Hash: ABE01A72210015CFEB04DF68E449BE873B1BB88756F0000A5E015EB2B1DF349985CB10
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 06f199e3be91e3d291987387fb57a28cb8a92858a9128a318a6f9078af13ec56
                                                              • Instruction ID: 6263b1304297ce14e698484fbad4baabd6385ca2609dd23112aa506181c96434
                                                              • Opcode Fuzzy Hash: 06f199e3be91e3d291987387fb57a28cb8a92858a9128a318a6f9078af13ec56
                                                              • Instruction Fuzzy Hash: 7CF0E534D083C9AFCB06CBE0C8548DDBF75EF42300F0042DAE85296192DB341706DB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 361c3b22f0094ed35e537d6d94eb97a87823ea3c44ddd387d4dca8da26872e59
                                                              • Instruction ID: 73e0260ad7138ebd07616e44fa1a5a8bac8d174dfaf74ba1d027a455e4a5b03e
                                                              • Opcode Fuzzy Hash: 361c3b22f0094ed35e537d6d94eb97a87823ea3c44ddd387d4dca8da26872e59
                                                              • Instruction Fuzzy Hash: 3AE0E5B4E00208AFC744DFA9D444A9DBBB0EB48300F0081A9E81497360D7349A40DF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0a0c041e1a743bcb3b02aeced7aa92b33645f61ae2d0871c19aed7c0b21a8b01
                                                              • Instruction ID: 4fa14dd022ffa7b48f1e45dc7022c75844ccd83e583de8f6a6f514f998a7a91a
                                                              • Opcode Fuzzy Hash: 0a0c041e1a743bcb3b02aeced7aa92b33645f61ae2d0871c19aed7c0b21a8b01
                                                              • Instruction Fuzzy Hash: 69E0C2767556440BE7099B1CE4257867BD69FC9301F05C47FD50D8F785C67888014349
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 494c2ac8bf802c4cf53fb3a9019fee7964bed4008cd44fc15906b26d3671f657
                                                              • Instruction ID: 02b92fa209eaf2047a5c1f0f9b6443b13c5b20b4b36687d04040b440303cac82
                                                              • Opcode Fuzzy Hash: 494c2ac8bf802c4cf53fb3a9019fee7964bed4008cd44fc15906b26d3671f657
                                                              • Instruction Fuzzy Hash: 60E08231004A448FC302EB38E9408E4BF30AE1230070602E7E084CF226EA219A868BA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0076592e529aa0d0b7dbbc2a788930f0f0b6132e9cb97442a5795daa533f91a5
                                                              • Instruction ID: 6b7b263c07cf6e1ebf74fe3f2121302701f9b90e1654696dcb0623174e51404e
                                                              • Opcode Fuzzy Hash: 0076592e529aa0d0b7dbbc2a788930f0f0b6132e9cb97442a5795daa533f91a5
                                                              • Instruction Fuzzy Hash: FCE07E75D1020DEFCB44DFE4D9959DDFBB9EB48200F1082AAE809E2210EA306B559B90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 89af0f70bb3fe50eaf7fe064d2e6aaa67bd04d978f0f89fbb3f31628bd3eb6ff
                                                              • Instruction ID: 0d610a4fb51dd3ed5dd203b2a241219ad7d034b4bb0dce689dae5049ab49db52
                                                              • Opcode Fuzzy Hash: 89af0f70bb3fe50eaf7fe064d2e6aaa67bd04d978f0f89fbb3f31628bd3eb6ff
                                                              • Instruction Fuzzy Hash: 75E026B6C043908FEB519F88E880A947F14AB01321F0740D2D0A88F1A5D374DC808B01
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 73fece7f7c271bb921371483f6f8980d74ef3535e1daf201d9c0ec794d3c9985
                                                              • Instruction ID: 09031bdae28c7da6f1f72311759ab0617aa382d55fa6b63e7352a13c6699d3f0
                                                              • Opcode Fuzzy Hash: 73fece7f7c271bb921371483f6f8980d74ef3535e1daf201d9c0ec794d3c9985
                                                              • Instruction Fuzzy Hash: 52E01235148699AFC7039F24D855A957FB1EF1B321F0581D2E8C88F2A3D335D912CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69f16f4d2a75a7ee7de788acd9f09dae3fc67dfdfd60796d9326d525ea6f9332
                                                              • Instruction ID: 4b86f392fd82b33547bf4cceb8463cc1b5aec80cd4b99c3727de5074772dc1b5
                                                              • Opcode Fuzzy Hash: 69f16f4d2a75a7ee7de788acd9f09dae3fc67dfdfd60796d9326d525ea6f9332
                                                              • Instruction Fuzzy Hash: 52E0EC3180010CAFCB00DFA4D9458AD7FB5EB44311F508595FC04D6251E7319B649B91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bc499e4a340f212991a870de5b84881b5b9719efd596b054a0545afef4203f5b
                                                              • Instruction ID: e4173634d069ad948d2fb7c487489ad5c9556f13ec6746c8ab344d89f951d74e
                                                              • Opcode Fuzzy Hash: bc499e4a340f212991a870de5b84881b5b9719efd596b054a0545afef4203f5b
                                                              • Instruction Fuzzy Hash: 8AD05E317446181BD709674CA41079A76CE9FCD750F05807BE50D8B781CAA59C0003D9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6bb6524c92a3555652b7181e7c418771ad7135a7b210887f4ce4425b1544cc4f
                                                              • Instruction ID: d90e76828f193869e43b4de5397a55a6ef28ba0df5196200a38da6d1626715c3
                                                              • Opcode Fuzzy Hash: 6bb6524c92a3555652b7181e7c418771ad7135a7b210887f4ce4425b1544cc4f
                                                              • Instruction Fuzzy Hash: E0E0EC7181061CDECB40EF75D5444997BE8AB55211F00C52AE859DA110EB31D294DF90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2874644edac6b3a3a1ec80b12942cdf9517e0e2172e9f52cb0802990d73f5d9c
                                                              • Instruction ID: bc926bf643854d55963bfc81b2242a9fc4d762b9c99622f3399f9dc6b1547836
                                                              • Opcode Fuzzy Hash: 2874644edac6b3a3a1ec80b12942cdf9517e0e2172e9f52cb0802990d73f5d9c
                                                              • Instruction Fuzzy Hash: 2BC012E270483D53795D3258992057E61494B84C60704007DD12E47A81CE4C1D1702EB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bac633e02b4a63669cf2dab5f634f087a20edcb0163f3891ea3ca91a8757570c
                                                              • Instruction ID: a40e0b2b2bef286f56b8a63a03604a0ce9b131d9347efe8b10949f4f326cc6d3
                                                              • Opcode Fuzzy Hash: bac633e02b4a63669cf2dab5f634f087a20edcb0163f3891ea3ca91a8757570c
                                                              • Instruction Fuzzy Hash: 33D0A9F122022C8BD7081A76A4082BE3B4CABC87A1F088026E4118A280DF248800C2E4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8048d6846f6f75dcf03632493fad91607754d44ec40b097b4367c8d500ea6127
                                                              • Opcode ID: bd818d6d98a6a8dd12abe3330b5f46687a5943e7691b4afbecdfdc8aa471df5a
                                                              • Instruction ID: 389009f1d2429d6b727e37ee868a6df0baa6897ab1e16a7cb2880187940fa7c9
                                                              • Opcode Fuzzy Hash: bd818d6d98a6a8dd12abe3330b5f46687a5943e7691b4afbecdfdc8aa471df5a
                                                              • Instruction Fuzzy Hash: 7CA17C32E002198FCF05DFB4C84459EBBB2FFC5310B1545BAE805AB265DB75E959DB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168927337.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7a10000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 124ad4f1a60a887e0c768a8ab5cee2bb8d5f47d4154e45ab650efc26c1865b77
                                                              • Instruction ID: 7705ac2bce63138718f05877e19505b40135f6864ca9adb30047659b80dd9aa2
                                                              • Opcode Fuzzy Hash: 124ad4f1a60a887e0c768a8ab5cee2bb8d5f47d4154e45ab650efc26c1865b77
                                                              • Instruction Fuzzy Hash: 3CD1E935D20B5ACACB14EB64D9906A9B7B1FF95300F60D79AE1093B215EF706AC4CF90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f254fe203740bbab486124b167bf11f2867953ab150a629aff01c616d8bc59fd
                                                              • Instruction ID: 93c16a15c3c4e00a73a18fa0e7679eabfb5b9e9b4437de8580627cd427038c64
                                                              • Opcode Fuzzy Hash: f254fe203740bbab486124b167bf11f2867953ab150a629aff01c616d8bc59fd
                                                              • Instruction Fuzzy Hash: DE811474A2521ADFCB08CFA9C58489EFBF1FF89310F159566D415AB360D334AA41CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e1b9edb7428f102549657c9f8b14d330561f879f790b9104c56da8bca57f79c7
                                                              • Instruction ID: e4ede49627ab34cf1847e1da75b38b9ab08eafff340798a5ace82585df6c62ae
                                                              • Opcode Fuzzy Hash: e1b9edb7428f102549657c9f8b14d330561f879f790b9104c56da8bca57f79c7
                                                              • Instruction Fuzzy Hash: 259102B4A2421ADFCB08CFA9C58489EFBF2FF89310F25955AD415BB260D334AA41CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f17b644a8ccc5741b02b5ced2861df37370d966ca2c5ef173668628b152bbc1f
                                                              • Instruction ID: 4e749055240c4ce6febb7c193405da9d244695903bad7bb9a090ecaffa1a94b5
                                                              • Opcode Fuzzy Hash: f17b644a8ccc5741b02b5ced2861df37370d966ca2c5ef173668628b152bbc1f
                                                              • Instruction Fuzzy Hash: 15914EB4D102699FDB14CF69C590AAEFBB2FF89301F24C2A9D408A7255D7309A46CF61
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6afbe0c4212937f0418d3989971860639bf3c34a53dd2294508c99001c366e98
                                                              • Instruction ID: 03b0ffa648bff6eb578f83960e2fe4b08714b6ab2947db9be0ad47c57a078b3c
                                                              • Opcode Fuzzy Hash: 6afbe0c4212937f0418d3989971860639bf3c34a53dd2294508c99001c366e98
                                                              • Instruction Fuzzy Hash: C371E6B4E15609DFCB18CFA9C5805DEFBF2FF99210F24942AD416BB264D3349A41CB64
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eb1994b551eafcba27ee3ab4f5c0eaa0087070a4e01685cf19925467450cc872
                                                              • Instruction ID: f57019dad5f69afecab4500537bfcfa81af156674de11c6f9ebdd6e1749ec6ac
                                                              • Opcode Fuzzy Hash: eb1994b551eafcba27ee3ab4f5c0eaa0087070a4e01685cf19925467450cc872
                                                              • Instruction Fuzzy Hash: 1771F5B8E156099FCB08CFA9C5805DEFBF2FF99250F24942AD416B7264D3349A42CB64
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fdd12ee78c294a1223a6d329df3642acb95d64e401ebe964ce3ff39c721de4b8
                                                              • Instruction ID: 60949457da9e61079cdd8f5ef7dc4ac23842fab0cbaa5beed95215274d6f2340
                                                              • Opcode Fuzzy Hash: fdd12ee78c294a1223a6d329df3642acb95d64e401ebe964ce3ff39c721de4b8
                                                              • Instruction Fuzzy Hash: C0412BB5E0924ADFCB18CFAAC5815AEFBF2EF89300F14C56AC515A7254D7309A418FA4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ecd12b0d8541fa9cb9161ff68f6d88aef3f141a924ec2bb95f30e33ea50ac515
                                                              • Instruction ID: ab2656bb1f42481e17d7a66e0311bc8db1510341fc92cd6e7ee8b735ce4d5ee6
                                                              • Opcode Fuzzy Hash: ecd12b0d8541fa9cb9161ff68f6d88aef3f141a924ec2bb95f30e33ea50ac515
                                                              • Instruction Fuzzy Hash: 6A414FB4E1560ADFDB08CFA5C5426AEFBF2EF89300F24D46AC105A7294D3748745CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d1ec414083eedc4a2a01feb04da8c0016a50e42112af8a72b6938c2a48c08a2c
                                                              • Instruction ID: 98807a9a1030dd44349491afc773b78104514377a8d1ae4233c7cf53127beda9
                                                              • Opcode Fuzzy Hash: d1ec414083eedc4a2a01feb04da8c0016a50e42112af8a72b6938c2a48c08a2c
                                                              • Instruction Fuzzy Hash: 0B411AF4E0924ADBCB58CFAAC5815AEFBF2FF88300F20C56AC515B7254D7309A418B94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ab3c595f53635bdacf5a1e06bf897442bd23edf9eede44d744dcbe1233eed92d
                                                              • Instruction ID: ac6f33bf7041eb723a01ac17d3b8ea2b5a3968473f280825458089770f25a9a8
                                                              • Opcode Fuzzy Hash: ab3c595f53635bdacf5a1e06bf897442bd23edf9eede44d744dcbe1233eed92d
                                                              • Instruction Fuzzy Hash: BA412EB4E1560ADFCB48CFA6D5426AEFBF2EF89300F10D46AC015B72A4D37497458B94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e19a061b4cd6f15c6d97bffa7461ac336e3e9ce26dc7176140b9cc00f44d817c
                                                              • Instruction ID: a6c82a8a414f2207f2ed01cddfb536f69cd1b793492b95a2d95e4e2359696fad
                                                              • Opcode Fuzzy Hash: e19a061b4cd6f15c6d97bffa7461ac336e3e9ce26dc7176140b9cc00f44d817c
                                                              • Instruction Fuzzy Hash: BF41F6B4E1420A9FDB08CFAAD4816AEFBF2BF89300F14D46AC415B7254D7399A41CF94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b59c211f5787844cb203cc77ccc1884e24465751af6948ffd596c8dd5e4b84e
                                                              • Instruction ID: 6f68dd0b23bed2e1f77aac270ae0ed4da135bb15c2c9f7282741e50cd8237a16
                                                              • Opcode Fuzzy Hash: 0b59c211f5787844cb203cc77ccc1884e24465751af6948ffd596c8dd5e4b84e
                                                              • Instruction Fuzzy Hash: 7241D5B4E1420ADFDB48CFAAC4815AEFBF2BF89200F14D56AC415B7254D7399A41CF94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2168598819.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_71a0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bba1c0e0ebedab31dbf6ad149ebc0edf08f5c306b2a7a733d9b0e448b364b725
                                                              • Instruction ID: 2c12aad32294066f2a87759bc26e9bf4040e8aab87c5cffed241f015ba82e168
                                                              • Opcode Fuzzy Hash: bba1c0e0ebedab31dbf6ad149ebc0edf08f5c306b2a7a733d9b0e448b364b725
                                                              • Instruction Fuzzy Hash: CD210E71E046589FEB18CF6BD84079EFBF7AFC9200F08C076C518A6254EB3405558F51

                                                              Execution Graph

                                                              Execution Coverage:13.6%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:3
                                                              Total number of Limit Nodes:0
                                                              execution_graph 23632 6cfeb80 23633 6cfebc6 GlobalMemoryStatusEx 23632->23633 23634 6cfebf6 23633->23634

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 287 1943e80-1943ee6 289 1943f30-1943f32 287->289 290 1943ee8-1943ef3 287->290 292 1943f34-1943f8c 289->292 290->289 291 1943ef5-1943f01 290->291 293 1943f24-1943f2e 291->293 294 1943f03-1943f0d 291->294 301 1943fd6-1943fd8 292->301 302 1943f8e-1943f99 292->302 293->292 296 1943f11-1943f20 294->296 297 1943f0f 294->297 296->296 298 1943f22 296->298 297->296 298->293 304 1943fda-1943ff2 301->304 302->301 303 1943f9b-1943fa7 302->303 305 1943fa9-1943fb3 303->305 306 1943fca-1943fd4 303->306 310 1943ff4-1943fff 304->310 311 194403c-194403e 304->311 307 1943fb5 305->307 308 1943fb7-1943fc6 305->308 306->304 307->308 308->308 312 1943fc8 308->312 310->311 313 1944001-194400d 310->313 314 1944040-19440a2 311->314 312->306 315 1944030-194403a 313->315 316 194400f-1944019 313->316 323 19440a4-19440aa 314->323 324 19440ab-19440cb 314->324 315->314 317 194401d-194402c 316->317 318 194401b 316->318 317->317 320 194402e 317->320 318->317 320->315 323->324 328 19440d5-194410b 324->328 331 194410d-1944111 328->331 332 194411b-194411f 328->332 331->332 333 1944113 331->333 334 1944121-1944125 332->334 335 194412f-1944133 332->335 333->332 334->335 336 1944127-194412a call 1940ab8 334->336 337 1944135-1944139 335->337 338 1944143-1944147 335->338 336->335 337->338 339 194413b-194413e call 1940ab8 337->339 340 1944157-194415b 338->340 341 1944149-194414d 338->341 339->338 345 194415d-1944161 340->345 346 194416b-194416f 340->346 341->340 344 194414f-1944152 call 1940ab8 341->344 344->340 345->346 348 1944163 345->348 349 1944171-1944175 346->349 350 194417f 346->350 348->346 349->350 351 1944177 349->351 352 1944180 350->352 351->350 352->352
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V[n
                                                              • API String ID: 0-1005319620
                                                              • Opcode ID: efbd55fa330191e7f6013d7c81fc4e63c07b3dbb210acf5687277f47a7b07355
                                                              • Instruction ID: ad982480be7d64b527aa8a8e06797d98a9a19687b2f30fff1a19fda5487ba282
                                                              • Opcode Fuzzy Hash: efbd55fa330191e7f6013d7c81fc4e63c07b3dbb210acf5687277f47a7b07355
                                                              • Instruction Fuzzy Hash: F8917C70E00219CFEF14CFA9C985BDEBBF2BF98315F148129E409A7294EB749945CB81

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 0 1944810-194489c 3 19448e6-19448e8 0->3 4 194489e-19448a9 0->4 6 19448ea-1944902 3->6 4->3 5 19448ab-19448b7 4->5 7 19448b9-19448c3 5->7 8 19448da-19448e4 5->8 13 1944904-194490f 6->13 14 194494c-194494e 6->14 9 19448c5 7->9 10 19448c7-19448d6 7->10 8->6 9->10 10->10 12 19448d8 10->12 12->8 13->14 16 1944911-194491d 13->16 15 1944950-1944995 14->15 24 194499b-19449a9 15->24 17 1944940-194494a 16->17 18 194491f-1944929 16->18 17->15 20 194492d-194493c 18->20 21 194492b 18->21 20->20 22 194493e 20->22 21->20 22->17 25 19449b2-1944a0f 24->25 26 19449ab-19449b1 24->26 33 1944a11-1944a15 25->33 34 1944a1f-1944a23 25->34 26->25 33->34 35 1944a17-1944a1a call 1940ab8 33->35 36 1944a25-1944a29 34->36 37 1944a33-1944a37 34->37 35->34 36->37 39 1944a2b-1944a2e call 1940ab8 36->39 40 1944a47-1944a4b 37->40 41 1944a39-1944a3d 37->41 39->37 43 1944a4d-1944a51 40->43 44 1944a5b 40->44 41->40 42 1944a3f 41->42 42->40 43->44 46 1944a53 43->46 47 1944a5c 44->47 46->44 47->47
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V[n$\V[n
                                                              • API String ID: 0-3705941238
                                                              • Opcode ID: e2aea2144ad0223e36f8f09be244065883f4cad8a82b1b8eb7af9d67101e92b1
                                                              • Instruction ID: d1ed86f58eee09b222b65b2502533184417bb90e5fc7c0feeb7d5fb5e5991216
                                                              • Opcode Fuzzy Hash: e2aea2144ad0223e36f8f09be244065883f4cad8a82b1b8eb7af9d67101e92b1
                                                              • Instruction Fuzzy Hash: 91717C70E00249CFEF14CFA9C984B9EBBF6BF88714F148129E519A7294EB749841CF95

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 48 1944806-194489c 51 19448e6-19448e8 48->51 52 194489e-19448a9 48->52 54 19448ea-1944902 51->54 52->51 53 19448ab-19448b7 52->53 55 19448b9-19448c3 53->55 56 19448da-19448e4 53->56 61 1944904-194490f 54->61 62 194494c-194494e 54->62 57 19448c5 55->57 58 19448c7-19448d6 55->58 56->54 57->58 58->58 60 19448d8 58->60 60->56 61->62 64 1944911-194491d 61->64 63 1944950-1944962 62->63 71 1944969-1944995 63->71 65 1944940-194494a 64->65 66 194491f-1944929 64->66 65->63 68 194492d-194493c 66->68 69 194492b 66->69 68->68 70 194493e 68->70 69->68 70->65 72 194499b-19449a9 71->72 73 19449b2-1944a0f 72->73 74 19449ab-19449b1 72->74 81 1944a11-1944a15 73->81 82 1944a1f-1944a23 73->82 74->73 81->82 83 1944a17-1944a1a call 1940ab8 81->83 84 1944a25-1944a29 82->84 85 1944a33-1944a37 82->85 83->82 84->85 87 1944a2b-1944a2e call 1940ab8 84->87 88 1944a47-1944a4b 85->88 89 1944a39-1944a3d 85->89 87->85 91 1944a4d-1944a51 88->91 92 1944a5b 88->92 89->88 90 1944a3f 89->90 90->88 91->92 94 1944a53 91->94 95 1944a5c 92->95 94->92 95->95
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V[n$\V[n
                                                              • API String ID: 0-3705941238
                                                              • Opcode ID: 981dcc33cffbe676c3282b9fbab0c13fd43ad9938c980f1d12589abc0a2c11a0
                                                              • Instruction ID: 3546e229100cfbc2a7f35b9abb090cc6020ad580193593a992f5b5364e1a94eb
                                                              • Opcode Fuzzy Hash: 981dcc33cffbe676c3282b9fbab0c13fd43ad9938c980f1d12589abc0a2c11a0
                                                              • Instruction Fuzzy Hash: 0F716970E00249CFEB14CFA9C984BDEBBF6BF88714F148129E519A7294EB749841CF95

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 274 6cfeb79-6cfebbe 276 6cfebc6-6cfebf4 GlobalMemoryStatusEx 274->276 277 6cfebfd-6cfec25 276->277 278 6cfebf6-6cfebfc 276->278 278->277
                                                              APIs
                                                              • GlobalMemoryStatusEx.KERNELBASE ref: 06CFEBE7
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4589630101.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6cf0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: GlobalMemoryStatus
                                                              • String ID:
                                                              • API String ID: 1890195054-0
                                                              • Opcode ID: bd96223011833191d967a9939e0d29215f6c0ad4c8354d3adf1330e80da0b7b3
                                                              • Instruction ID: e9a0ed3b285952151403b90eb32308070f56d9f7bc08d2f4fced139a717cef71
                                                              • Opcode Fuzzy Hash: bd96223011833191d967a9939e0d29215f6c0ad4c8354d3adf1330e80da0b7b3
                                                              • Instruction Fuzzy Hash: B6111AB1C0065A9FCB10CF9AC545BDEFBF4AF48210F14816AD918B7240D778A954CFA5

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 281 6cfeb80-6cfebf4 GlobalMemoryStatusEx 283 6cfebfd-6cfec25 281->283 284 6cfebf6-6cfebfc 281->284 284->283
                                                              APIs
                                                              • GlobalMemoryStatusEx.KERNELBASE ref: 06CFEBE7
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4589630101.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6cf0000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID: GlobalMemoryStatus
                                                              • String ID:
                                                              • API String ID: 1890195054-0
                                                              • Opcode ID: 4d19013436c5fdb2ac8c3c3a5f29ad33cddb79801914685d59071be764a5f20b
                                                              • Instruction ID: c53e85662b41bc5baf07268afdbdb347f891c9534c61cfcdf79e8db92ac13b99
                                                              • Opcode Fuzzy Hash: 4d19013436c5fdb2ac8c3c3a5f29ad33cddb79801914685d59071be764a5f20b
                                                              • Instruction Fuzzy Hash: 0D1114B1C0065A9BCB10CF9AC944BDEFBF4AF48220F14816AD518A7240D778A954CFA5

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V[n
                                                              • API String ID: 0-1005319620
                                                              • Opcode ID: df069d7bf03d2dc3a45617ec3399bb0c28fee6950ffa7aa3ca3d1512c46b9ede
                                                              • Instruction ID: 9283acdde7be64cc1b8db5334ef077314197e45222f6f90eaf20ec7ce4b470ea
                                                              • Opcode Fuzzy Hash: df069d7bf03d2dc3a45617ec3399bb0c28fee6950ffa7aa3ca3d1512c46b9ede
                                                              • Instruction Fuzzy Hash: 7B915C70E0021ACFEF10CFA8C985BDDBBF1BF98315F148129E819A7254EB749945CB81

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Ko
                                                              • API String ID: 0-716275355
                                                              • Opcode ID: 438658b64bc5f9d621102a0b636fe1ef4bcacbddc461226b0dc18bbb6afeec58
                                                              • Instruction ID: 2443fef9c8194c48ddfbbe41f1b24ec1634f87425d0780d63985eafdd89b76f5
                                                              • Opcode Fuzzy Hash: 438658b64bc5f9d621102a0b636fe1ef4bcacbddc461226b0dc18bbb6afeec58
                                                              • Instruction Fuzzy Hash: 8D11C830A04205CBFF2556799614FF93668EB85316F28492EE74ECF386D92ACC454FD2

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Ko
                                                              • API String ID: 0-716275355
                                                              • Opcode ID: 1bec8abc997eb44fd3ae2b341a4719b25e359c3d747a47f33941462875c22f59
                                                              • Instruction ID: 68a807b53a5d07fdbaadd9734b7cab0f9d00d8714cb58fb5d92418ab02b356da
                                                              • Opcode Fuzzy Hash: 1bec8abc997eb44fd3ae2b341a4719b25e359c3d747a47f33941462875c22f59
                                                              • Instruction Fuzzy Hash: 38116030B002098BFB255A7DD614FAA3659FB85316F28492DE70ACF346DA26CC414FC2

                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dd9b66127c521f9855de2ff52722858d83b49ac448cf48d354dfffc378725c77
                                                              • Instruction ID: cd7c5ab0bad8a89b5165c8408ebea3f24a1701e159deac831ea236bde6a1e56b
                                                              • Opcode Fuzzy Hash: dd9b66127c521f9855de2ff52722858d83b49ac448cf48d354dfffc378725c77
                                                              • Instruction Fuzzy Hash: 5551F830215242CFC72ADB38FA8097A3FA9FB99305B1471ADD2055B266DA7E6D05CF81
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d54d4ec764437125fa561e1e73cb3f61aadc9a439cef0dc8882ce564516a67e2
                                                              • Instruction ID: 3e9d8e3a1629b17c00772b26a5284a85c1da715441d7ab6beee6501940730d10
                                                              • Opcode Fuzzy Hash: d54d4ec764437125fa561e1e73cb3f61aadc9a439cef0dc8882ce564516a67e2
                                                              • Instruction Fuzzy Hash: 0D51C730215242CFC639DB38FE8097A3FA9FB99305B1471ADD2055B266DA7E6D05CF81
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 640264edf833e75f67d14ee648cfab1b7a9f5c33e7602e8f43aaf003148ea595
                                                              • Instruction ID: fbc616a606614bb901ef7a78c22dd96d7ce1bd0bb96fbdbd1c755f5b3dda6ec6
                                                              • Opcode Fuzzy Hash: 640264edf833e75f67d14ee648cfab1b7a9f5c33e7602e8f43aaf003148ea595
                                                              • Instruction Fuzzy Hash: 4731BE31A003128FDB369BBCD444AAD7BB9EB85721F54047AD50EDB252E739E8C1CB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cbecad97f72c62f53a0e8d80f0f029f8833704d5ecd409baa63cf8f3c55a53aa
                                                              • Instruction ID: 59cf05618230ef2d2614307534112030e318009b05dea1d8f8a180ff668a249a
                                                              • Opcode Fuzzy Hash: cbecad97f72c62f53a0e8d80f0f029f8833704d5ecd409baa63cf8f3c55a53aa
                                                              • Instruction Fuzzy Hash: D8314F75B00616EFE715DB68D840E3AB7BABBC8300F55C169E5059B296CB35EC42C790
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1800209e23b64bd1d78b087557f60c65b903d007ce295f77d9fe572d51bd1ec9
                                                              • Instruction ID: c29e4743c9bad8f0b44c7226dd5b35e3d274e2b0f3617b0f9fcb27dc89c7b0ad
                                                              • Opcode Fuzzy Hash: 1800209e23b64bd1d78b087557f60c65b903d007ce295f77d9fe572d51bd1ec9
                                                              • Instruction Fuzzy Hash: CF318D31E102599BDB29CBE8C844BAEB7B6FF85311F508969E50AF7250EB71AC41CB50
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d25d29a0fb222f732d6b1a10749e40ba0a1f1754c1c107991f1cdd656a362b89
                                                              • Instruction ID: e2b7519abe9303a776c8d2c6cd12a7d45683d063ca031fa9737dd778d35642be
                                                              • Opcode Fuzzy Hash: d25d29a0fb222f732d6b1a10749e40ba0a1f1754c1c107991f1cdd656a362b89
                                                              • Instruction Fuzzy Hash: 4941EFB0900349DFEB10CFA9C584ADEBFB5BF48314F14802AE509AB254DB75A945CB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 920bb38a38e09974ef2268553a44efae867748c29298df7871182ada5fae9087
                                                              • Instruction ID: 015341e8a4acdcf5f36b62d1b1bacbb48aef8fc19c4bdf1d81acdcb03dd30e6c
                                                              • Opcode Fuzzy Hash: 920bb38a38e09974ef2268553a44efae867748c29298df7871182ada5fae9087
                                                              • Instruction Fuzzy Hash: 40310930600215CFEB29DBB8C954AAE77BABF8D345F1104ADD509AB3A4DB36DC41CB51
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c48092c224da1036165f7bb2a8cfd3b5dd84353001ba07472c0bc4ebbbb52a5f
                                                              • Instruction ID: 84683b52a17d629012388f1ef62d0cf478ae7192ca1cf86da61c5eb0e96d9850
                                                              • Opcode Fuzzy Hash: c48092c224da1036165f7bb2a8cfd3b5dd84353001ba07472c0bc4ebbbb52a5f
                                                              • Instruction Fuzzy Hash: C741EEB0D00349DFEB10CFA9C980A9EBFF5FF48310F248029E909AB254DB75A945CB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b66d6074b61f183871bc463597c517ead8f3c1aa71a68db397d051794aec7d13
                                                              • Instruction ID: 722e1a828505a0026a95ac91578753ec3fb20d9bcbb4dbdb524b1d323b2108d1
                                                              • Opcode Fuzzy Hash: b66d6074b61f183871bc463597c517ead8f3c1aa71a68db397d051794aec7d13
                                                              • Instruction Fuzzy Hash: 333119346002158FEB29DBB8C954AAE77FAAB8D341F1104ADD509AB3A0DB36DC41CB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ad5df37139bbe373a72582a4eef98d596c0ed8ea7d8983bd6c8d0af59e2bb7ec
                                                              • Instruction ID: 27f385c6af37d5d28ae13c328e52f21dfa41cbe1611eb463c4cf8db32253f341
                                                              • Opcode Fuzzy Hash: ad5df37139bbe373a72582a4eef98d596c0ed8ea7d8983bd6c8d0af59e2bb7ec
                                                              • Instruction Fuzzy Hash: EC21E571B002529FDB21DB78E848A6E7BA9FF88311F104579EA09D7342EB39DC418BC1
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b0359a365053ebf1efc868800065da6cdc6c958c7b29a008b4eac4e043f71b39
                                                              • Instruction ID: 615ae7502fe0d8a9a0a0a7241edba4804492a255c9886cede02c28cfbb771265
                                                              • Opcode Fuzzy Hash: b0359a365053ebf1efc868800065da6cdc6c958c7b29a008b4eac4e043f71b39
                                                              • Instruction Fuzzy Hash: E5318570E0024A9BDB19CF68D944A9EF7BAFF89340F10C519E80AEB351DB759D45CB90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 931aa0f4f89adc2fb87348c1332836e56ca0c2920d7ef170ca63f7f4233e7d1c
                                                              • Instruction ID: f30f2c77efa92391f3dcd4ba92ff397674e5e8dd4ab081ac75c8b8a7219353bc
                                                              • Opcode Fuzzy Hash: 931aa0f4f89adc2fb87348c1332836e56ca0c2920d7ef170ca63f7f4233e7d1c
                                                              • Instruction Fuzzy Hash: 6621B1306001028FEB36D73CE944B293B6AEB89315F20696DD40EC7256DA3DEC858F91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d3173c4917bd038e12a5812283c40dc464e3644c263e77e3842023b2ccae5513
                                                              • Instruction ID: 438adb4cc14d0f8fc1fc2443bc313950df335e195db5fc573897fa5220bb9b69
                                                              • Opcode Fuzzy Hash: d3173c4917bd038e12a5812283c40dc464e3644c263e77e3842023b2ccae5513
                                                              • Instruction Fuzzy Hash: 4D218870E4020A9BDB19CF65D944A9EF7BAFF89340F10C519D40AEB341DB759D41CB90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9e12e71ca1c07b89931f84de8cfea8eb3b7a02e83d35288195cbe96e57d28b64
                                                              • Instruction ID: 285b679e423d5007700e5c2a1b2f2415933baf28efdc191dee656b37da5f5414
                                                              • Opcode Fuzzy Hash: 9e12e71ca1c07b89931f84de8cfea8eb3b7a02e83d35288195cbe96e57d28b64
                                                              • Instruction Fuzzy Hash: F5216230E0021A9FDB19CFA8D454AAEB7B6BF89300F11C61AE81ABB351DB719D45CB51
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0e9e29abcf00e51b16c23f73fe546b25c2fb22acd258f53fce5ff7d913fdadca
                                                              • Instruction ID: fa548649bf0015d8a398b412980c5c9eb484553596aec49269e619331826b2b7
                                                              • Opcode Fuzzy Hash: 0e9e29abcf00e51b16c23f73fe546b25c2fb22acd258f53fce5ff7d913fdadca
                                                              • Instruction Fuzzy Hash: 712190307043019BEB365A7CE448B7D3BA9EB46716F14087ED50EC7296EA6DACC1C792
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584137543.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_14bd000_JuIZye2xKX.jbxd
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 81d0a099b706e16f27efdb03495e93e48bca786fcf8481852c09011024f5912d
                                                              • Instruction ID: 4e2af7c4fc1d048fc09dc43fb1be6a49edb2f300db415201c1222bd0650b7ad1
                                                              • Opcode Fuzzy Hash: 81d0a099b706e16f27efdb03495e93e48bca786fcf8481852c09011024f5912d
                                                              • Instruction Fuzzy Hash: E0018031E002158BCB61EFB884509EE7BF9EB88211B5804BAD909E7341E635E882CB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584137543.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_14bd000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                              • Instruction ID: d73b3f0e9f7dfd7f4b93af535a6abaa9fcf867897ef8505dd0c65a08126a85ab
                                                              • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                              • Instruction Fuzzy Hash: DD11BE75904280CFDB06CF54C9C0B56BF61FB44218F24C6AAD8494B762C33AD44ACB61
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 04869fc008a4efd19312f135f379dc65efe24cfa14b927857febdd50d0bc4a53
                                                              • Instruction ID: 0c90b89107b1273f4482bd885f36fccdb1774b360c43a065e024c2687c1e1c8d
                                                              • Opcode Fuzzy Hash: 04869fc008a4efd19312f135f379dc65efe24cfa14b927857febdd50d0bc4a53
                                                              • Instruction Fuzzy Hash: 4A01C430A002058FDB14DF59D984B9ABBB9FF94311F54C169C90C5F296EBB49D05CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8b83c8544577fc6038ceb747e4772ac7934406d8b4a5cda0a084d7a8e3f37be1
                                                              • Instruction ID: 8e9e7fd05f6821a75a22a0f47092e0240873cca04c7550635fbfc36ab18dfeb9
                                                              • Opcode Fuzzy Hash: 8b83c8544577fc6038ceb747e4772ac7934406d8b4a5cda0a084d7a8e3f37be1
                                                              • Instruction Fuzzy Hash: 39017CB0A0124BDFDB45EFB4F9405AD7BB1EF94300F1062AEC405AB261EE791E058FA0
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9fd516620a468673b895f6741446378640cf0e031c28328b8805daef6c3cbe2c
                                                              • Instruction ID: 5a31828a9d1e45f63ce44448340a5f94f4b3fa65bcce3e0f2e970b9435f074b4
                                                              • Opcode Fuzzy Hash: 9fd516620a468673b895f6741446378640cf0e031c28328b8805daef6c3cbe2c
                                                              • Instruction Fuzzy Hash: 23F02B2764D788CBFB36A56C45246EC3B494B81278B4C15AEE3DC9F353E1028C55A392
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 945e2f1d37fd08af1538d4ea835924c6244e91d89ff3fad27e1478a1bed0998c
                                                              • Instruction ID: b8a5fc8605e8dc1b3d0edc64d895f192b1cbc45e510e639a4121755dfb1002a6
                                                              • Opcode Fuzzy Hash: 945e2f1d37fd08af1538d4ea835924c6244e91d89ff3fad27e1478a1bed0998c
                                                              • Instruction Fuzzy Hash: 9E01E835B001589FD728DBB8D598B6D77B2EF88315F5440A8E5069B3A8CB35AD42CB41
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6fd95f206c654e21bb29359b64fe99d74dc67d0589af1908196e43ffeef3a1de
                                                              • Instruction ID: b882e0b95a9dc958f5d9a284995af66b481ad96112f5f5a4bcc22769f5dc21ee
                                                              • Opcode Fuzzy Hash: 6fd95f206c654e21bb29359b64fe99d74dc67d0589af1908196e43ffeef3a1de
                                                              • Instruction Fuzzy Hash: 5BF0F633A04210CFDB228BE888909ECBFB4EAA411175C00F7D90ADB251D635E482C751
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6b9696217964b0a4d7fd6f1a659b7a38e0baaba1c9cd94b700e00bc7e516ff07
                                                              • Instruction ID: b8f33721ddb2f7eda4734802a57da139fd1f6f7c566b24c909d03d60bbab27c5
                                                              • Opcode Fuzzy Hash: 6b9696217964b0a4d7fd6f1a659b7a38e0baaba1c9cd94b700e00bc7e516ff07
                                                              • Instruction Fuzzy Hash: 07F04F70A0114BDFDB55EFB8F9405AD7BB5EB84300F60626DC509A7250EE7A2E148BD1
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.4584970985.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_1940000_JuIZye2xKX.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8f98515c7b6ee9ea332499bb8700ab9e77266ffa36f4ce2116bfc4a467a95131
                                                              • Instruction ID: 93784a68fbbc186525e5d9c8220f15e4e51ddce3f921e1f2efecad190c0de71a
                                                              • Opcode Fuzzy Hash: 8f98515c7b6ee9ea332499bb8700ab9e77266ffa36f4ce2116bfc4a467a95131
                                                              • Instruction Fuzzy Hash: DAB092F2C4A384CFC7430F204D504A03FA45E13120B1B00DA90808F6B2F2388D02CB21