Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ReanProject.exe

Overview

General Information

Sample name:ReanProject.exe
Analysis ID:1589993
MD5:40a341513f036e4d5a356f70db6afb15
SHA1:2bde15455a425f52fa221577c22db34f217a69a5
SHA256:6858bca15eed33e61fdc4be3f87a0dfe63ccab54a659de551fcb5df52af060f4
Tags:DCRatexeNyashTeamuser-MalHunter3
Infos:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • ReanProject.exe (PID: 6408 cmdline: "C:\Users\user\Desktop\ReanProject.exe" MD5: 40A341513F036E4D5A356F70DB6AFB15)
    • WerFault.exe (PID: 5876 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 2476 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
ReanProject.exeJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      00000000.00000000.2320877273.0000000000BE2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Process Memory Space: ReanProject.exe PID: 6408JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.0.ReanProject.exe.be0000.0.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.ReanProject.exe.6250000.13.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                0.2.ReanProject.exe.42a1af8.11.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                  0.2.ReanProject.exe.4521b18.6.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    No Suricata rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: ReanProject.exeAvira: detected
                    Antivirus detection for URL or domain
                    Source: http://antiloxss.usite.proAvira URL Cloud: Label: malware
                    Source: https://antiloxss.usite.proAvira URL Cloud: Label: malware
                    Source: https://antiloxss.usite.pro/STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txtAvira URL Cloud: Label: malware
                    Multi AV Scanner detection for submitted file
                    Source: ReanProject.exeVirustotal: Detection: 59%Perma Link
                    Source: ReanProject.exeReversingLabs: Detection: 57%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                    Machine Learning detection for sample
                    Source: ReanProject.exeJoe Sandbox ML: detected
                    Source: ReanProject.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.12:49713 version: TLS 1.2
                    Source: ReanProject.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: PresentationFramework.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: Accessibility.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.pdbC source: ReanProject.exe, 00000000.00000002.2496328798.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressed source: ReanProject.exe
                    Source: Binary string: Siticone.UI.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.ni.pdbRSDS# source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Core.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed#fontawesome.sharpQcostura.fontawesome.sharp.dll.compressed source: ReanProject.exe
                    Source: Binary string: PresentationFramework.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xaml.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: WindowsBase.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: C:\projects\fontawesome-sharp\FontAwesome.Sharp\obj\Release\net472\FontAwesome.Sharp.pdb source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497489514.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.ni.pdbRSDSw source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: mscorlib.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: WindowsBase.ni.pdbRSDS! source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: ReanProject.exe
                    Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationFramework.pdb0 source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xml.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Windows.Forms.pdbH source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: WindowsBase.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: O8o,C:\Windows\System.pdb source: ReanProject.exe, 00000000.00000002.2489881647.00000000010F4000.00000004.00000010.00020000.00000000.sdmp
                    Source: Binary string: FontAwesome.Sharp.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Configuration.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: mscorlib.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: FontAwesome.Sharp.pdbHt source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Configuration.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: costura.costura.pdb.compressed\B source: ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.pdb source: ReanProject.exe, 00000000.00000002.2492069435.0000000003305000.00000004.00000800.00020000.00000000.sdmp, WER5724.tmp.dmp.5.dr
                    Source: Binary string: tem.pdb source: ReanProject.exe, 00000000.00000002.2496328798.0000000005A61000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdbF source: ReanProject.exe, 00000000.00000002.2492069435.0000000003305000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Windows.Forms.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdbBSJB source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.pdbH source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xaml.pdb< source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: mscorlib.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xaml.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Drawing.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: ReanProject.exe, 00000000.00000002.2496328798.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.Xaml.ni.pdbRSDS\Y source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Core.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationFramework.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Core.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 4x nop then jmp 0A834805h0_2_0A831110
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_0A83785A
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_0A837868

                    Networking

                    barindex
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 0.2.ReanProject.exe.6250000.13.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.ReanProject.exe.42a1af8.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.ReanProject.exe.4521b18.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt HTTP/1.1Host: antiloxss.usite.proConnection: Keep-Alive
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt HTTP/1.1Host: antiloxss.usite.proConnection: Keep-Alive
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <li><a href="https://www.facebook.com/ucoz.web.builder" target="_blank">Facebook</a></li> equals www.facebook.com (Facebook)
                    Source: ReanProject.exe, 00000000.00000002.2496138699.00000000059F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: CLIENT_VERSIONthttp://gdata.youtube.com/feeds/api/videos/{0}?v=2&alt=jsonDFailed to get youtube video data: Lhttp://vimeo.com/api/v2/video/{0}.json@Failed to get vimeo video data: ork Manager.<br><br> <b>LICENSE MODULE</b><br> The license module enables you to work without interruptions. Issues with the module can be caused by:<br><br> (i) <i>Framework Manager is not installed</i><br>(ii) <i>HDD formatting</i><br>(iii) <i>OS reintallation</i>,<br>(iv) <i>Siticone Files Deletion</i>, or<br>(v) <i>Any other issues</i>.<br><br> For assistance, please contact our support centre at: <i>support@siticoneframework.com</i>PMissing Manager or the Module is corrupt4Download Framework Manager4Contact Our Support CentreHmailto:support@siticoneframework.comDhttps://www.siticoneframework.com/ equals www.youtube.com (Youtube)
                    Source: global trafficDNS traffic detected: DNS query: antiloxss.usite.pro
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 12:07:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: close
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://antiloxss.usite.pro
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://antiloxss.usite.pro&C
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://antiloxss.usite.prol
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: ReanProject.exe, 00000000.00000002.2499499330.000000000A8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                    Source: ReanProject.exe, 00000000.00000002.2499499330.000000000A8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m8
                    Source: ReanProject.exe, 00000000.00000002.2499499330.000000000A8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microO
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/XP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/Xl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-brands-400.ttf
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-brands-400.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-brands-400.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-regular-400.ttf
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-regular-400.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-regular-400.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-solid-900.ttf
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-solid-900.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-solid-900.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-brands-400.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-brands-400.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-regular-400.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-regular-400.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-solid-900.ttfP
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-solid-900.ttfl
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://gdata.youtube.com/feeds/api/videos/
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497489514.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.awesome.incremented/wpf/xaml/fontawesome.sharp
                    Source: ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/video/
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://antiloxss.usite.pro
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://antiloxss.usite.pro/STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://book.ucoz.com
                    Source: ReanProject.exeString found in binary or memory: https://communitykeyv1.000webhostapp.com/Decoder4.php?string=
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://counter.yadro.ru/hit;counter1?r
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.ucoz.com/
                    Source: ReanProject.exe, 00000000.00000002.2493215777.00000000041FF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2498766850.0000000007C32000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497489514.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2491625605.00000000016C8000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2498256564.0000000007740000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497997578.00000000065F3000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.00000000041D6000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fontawesome.com
                    Source: ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.00000000041D6000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://forum.ucoz.com/
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/search
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/516730/what-does-the-visual-studio-any-cpu-target-mean&
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://top.ucoz.com/
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/#
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucoz.com
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucoz.com/register/
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                    Source: ReanProject.exe, 00000000.00000002.2496138699.00000000059F0000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.siticoneframework.com/
                    Source: ReanProject.exe, 00000000.00000002.2496138699.00000000059F0000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.siticoneframework.com/pricing.htmlFSoftware
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ucoz.com/pricing/
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ucoz.com/privacy/
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ucoz.com/terms/
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ucoz.com/tour/
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknownHTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.12:49713 version: TLS 1.2
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A8366280_2_0A836628
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A839DC70_2_0A839DC7
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A831D170_2_0A831D17
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A831D280_2_0A831D28
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A83661F0_2_0A83661F
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 2476
                    Source: ReanProject.exe, 00000000.00000002.2496138699.00000000059F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2490241443.000000000141E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2497489514.00000000063A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2493215777.0000000004041000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2496720531.0000000005C30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: ReanProject.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: classification engineClassification label: mal80.troj.evad.winEXE@2/5@1/1
                    Source: C:\Users\user\Desktop\ReanProject.exeMutant created: NULL
                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6408
                    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\b69e4f4d-011b-43f0-98c5-9fdf0601a42bJump to behavior
                    Source: ReanProject.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: ReanProject.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\ReanProject.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: ReanProject.exeVirustotal: Detection: 59%
                    Source: ReanProject.exeReversingLabs: Detection: 57%
                    Source: C:\Users\user\Desktop\ReanProject.exeFile read: C:\Users\user\Desktop\ReanProject.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\ReanProject.exe "C:\Users\user\Desktop\ReanProject.exe"
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 2476
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\ReanProject.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: ReanProject.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: ReanProject.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: ReanProject.exeStatic file information: File size 1593856 > 1048576
                    Source: ReanProject.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x184800
                    Source: ReanProject.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: PresentationFramework.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: Accessibility.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.pdbC source: ReanProject.exe, 00000000.00000002.2496328798.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressed source: ReanProject.exe
                    Source: Binary string: Siticone.UI.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.ni.pdbRSDS# source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Core.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed#fontawesome.sharpQcostura.fontawesome.sharp.dll.compressed source: ReanProject.exe
                    Source: Binary string: PresentationFramework.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xaml.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: WindowsBase.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: C:\projects\fontawesome-sharp\FontAwesome.Sharp\obj\Release\net472\FontAwesome.Sharp.pdb source: ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497489514.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.ni.pdbRSDSw source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: mscorlib.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: WindowsBase.ni.pdbRSDS! source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: ReanProject.exe
                    Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationFramework.pdb0 source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xml.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Windows.Forms.pdbH source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: WindowsBase.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: O8o,C:\Windows\System.pdb source: ReanProject.exe, 00000000.00000002.2489881647.00000000010F4000.00000004.00000010.00020000.00000000.sdmp
                    Source: Binary string: FontAwesome.Sharp.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Configuration.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: mscorlib.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: FontAwesome.Sharp.pdbHt source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Configuration.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: costura.costura.pdb.compressed\B source: ReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.pdb source: ReanProject.exe, 00000000.00000002.2492069435.0000000003305000.00000004.00000800.00020000.00000000.sdmp, WER5724.tmp.dmp.5.dr
                    Source: Binary string: tem.pdb source: ReanProject.exe, 00000000.00000002.2496328798.0000000005A61000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdbF source: ReanProject.exe, 00000000.00000002.2492069435.0000000003305000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Windows.Forms.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdbBSJB source: ReanProject.exe, 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004297000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.pdbH source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xaml.pdb< source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: mscorlib.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationCore.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Xaml.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Drawing.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: ReanProject.exe, 00000000.00000002.2496328798.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.Xaml.ni.pdbRSDS\Y source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Core.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: PresentationFramework.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.ni.pdb source: WER5724.tmp.dmp.5.dr
                    Source: Binary string: System.Core.ni.pdbRSDS source: WER5724.tmp.dmp.5.dr

                    Data Obfuscation

                    barindex
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: ReanProject.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.ReanProject.exe.be0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.2320877273.0000000000BE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: ReanProject.exe PID: 6408, type: MEMORYSTR
                    Source: ReanProject.exeStatic PE information: 0xC2C59935 [Wed Jul 19 22:41:57 2073 UTC]
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_05C991CB push esp; ret 0_2_05C991D1
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_05C9C35A push esp; retf 0_2_05C9C379
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_05C9BD9B push eax; mov dword ptr [esp], ecx0_2_05C9BDA1
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_05C95AA8 push es; ret 0_2_05C95AC0
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_090BCE00 push eax; mov dword ptr [esp], edx0_2_090BCE14
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_090B967A push C0335005h; mov dword ptr [esp], eax0_2_090B968B
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A831968 push esp; ret 0_2_0A831969
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A8332E8 push eax; iretd 0_2_0A8332E9
                    Source: ReanProject.exeStatic PE information: section name: .text entropy: 7.91471800797033
                    Source: C:\Users\user\Desktop\ReanProject.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeMemory allocated: 1690000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeMemory allocated: 3040000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeMemory allocated: 5040000 memory reserve | memory write watchJump to behavior
                    Source: Amcache.hve.5.drBinary or memory string: VMware
                    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                    Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                    Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: ReanProject.exe, 00000000.00000002.2496328798.0000000005A93000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                    Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                    Source: Amcache.hve.5.drBinary or memory string: VMware-42 27 6e d0 59 6b 97 52-b4 9a 7f 42 1f 0e 66 9c
                    Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                    Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                    Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeQueries volume information: C:\Users\user\Desktop\ReanProject.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                    Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                    Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                    DLL Side-Loading                    		1
                    Process Injection                    		2
                    Virtualization/Sandbox Evasion                    		OS Credential Dumping1
                    Query Registry                    		Remote Services1
                    Archive Collected Data                    		11
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		LSASS Memory21
                    Security Software Discovery                    		Remote Desktop ProtocolData from Removable Media3
                    Ingress Tool Transfer                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                    Process Injection                    		Security Account Manager2
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive3
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
                    Obfuscated Files or Information                    		NTDS12
                    System Information Discovery                    		Distributed Component Object ModelInput Capture4
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                    Software Packing                    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Timestomp                    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    ReanProject.exe60%VirustotalBrowse
                    ReanProject.exe58%ReversingLabsByteCode-MSIL.Trojan.Zilla
                    ReanProject.exe100%AviraTR/Dropper.MSIL.Gen
                    ReanProject.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfP0%Avira URL Cloudsafe
                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfP0%Avira URL Cloudsafe
                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfl0%Avira URL Cloudsafe
                    https://www.ucoz.com/tour/0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-regular-400.ttf0%Avira URL Cloudsafe
                    https://fontawesome.comhttps://fontawesome.comFont0%Avira URL Cloudsafe
                    http://foo/fonts/fa-brands-400.ttfP0%Avira URL Cloudsafe
                    http://foo/fonts/fa-solid-900.ttfl0%Avira URL Cloudsafe
                    http://foo/fonts/fa-solid-900.ttfP0%Avira URL Cloudsafe
                    https://www.siticoneframework.com/0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-regular-400.ttfP0%Avira URL Cloudsafe
                    http://foo/fonts/fa-brands-400.ttfl0%Avira URL Cloudsafe
                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfP0%Avira URL Cloudsafe
                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfl0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-solid-900.ttfP0%Avira URL Cloudsafe
                    http://crl.m80%Avira URL Cloudsafe
                    https://www.ucoz.com/privacy/0%Avira URL Cloudsafe
                    http://antiloxss.usite.prol0%Avira URL Cloudsafe
                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/Xl0%Avira URL Cloudsafe
                    https://www.ucoz.com/pricing/0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-regular-400.ttfl0%Avira URL Cloudsafe
                    http://crl.microO0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-brands-400.ttfP0%Avira URL Cloudsafe
                    http://antiloxss.usite.pro100%Avira URL Cloudmalware
                    https://faq.ucoz.com/0%Avira URL Cloudsafe
                    https://www.siticoneframework.com/pricing.htmlFSoftware0%Avira URL Cloudsafe
                    https://forum.ucoz.com/0%Avira URL Cloudsafe
                    http://schemas.awesome.incremented/wpf/xaml/fontawesome.sharp0%Avira URL Cloudsafe
                    https://antiloxss.usite.pro100%Avira URL Cloudmalware
                    https://top.ucoz.com/0%Avira URL Cloudsafe
                    https://book.ucoz.com0%Avira URL Cloudsafe
                    http://antiloxss.usite.pro&C0%Avira URL Cloudsafe
                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfl0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-brands-400.ttf0%Avira URL Cloudsafe
                    https://www.ucoz.com/terms/0%Avira URL Cloudsafe
                    http://foo/fonts/fa-regular-400.ttfl0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-brands-400.ttfl0%Avira URL Cloudsafe
                    https://communitykeyv1.000webhostapp.com/Decoder4.php?string=0%Avira URL Cloudsafe
                    https://antiloxss.usite.pro/STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt100%Avira URL Cloudmalware
                    http://foo/bar/fonts/fa-solid-900.ttf0%Avira URL Cloudsafe
                    http://foo/fonts/fa-regular-400.ttfP0%Avira URL Cloudsafe
                    http://foo/bar/fonts/fa-solid-900.ttfl0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    antiloxss.usite.pro
                    		193.109.246.100
                    		truefalse
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://antiloxss.usite.pro/STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txtfalse
                      • Avira URL Cloud: malware
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://foo/fonts/fa-solid-900.ttfPReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://google.com/searchReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://twitter.com/#ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfPReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://foo/bar/fonts/fa-regular-400.ttfReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://foo/fonts/fa-brands-400.ttfPReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://stackoverflow.com/questions/516730/what-does-the-visual-studio-any-cpu-target-mean&ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttflReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://ucoz.comReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://www.siticoneframework.com/ReanProject.exe, 00000000.00000002.2496138699.00000000059F0000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://fontawesome.comhttps://fontawesome.comFontReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.00000000041D6000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://fontawesome.comReanProject.exe, 00000000.00000002.2493215777.00000000041FF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2498766850.0000000007C32000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497489514.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2491625605.00000000016C8000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2498256564.0000000007740000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497997578.00000000065F3000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.00000000041D6000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004521000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://www.ucoz.com/tour/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfPReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://foo/fonts/fa-solid-900.ttflReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://foo/bar/fonts/fa-regular-400.ttfPReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfPReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://foo/fonts/fa-brands-400.ttflReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://crl.m8ReanProject.exe, 00000000.00000002.2499499330.000000000A8E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.ucoz.com/pricing/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://ucoz.com/register/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://www.ucoz.com/privacy/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttflReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameReanProject.exe, 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://antiloxss.usite.prolReanProject.exe, 00000000.00000002.2492069435.00000000032D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://foo/bar/fonts/fa-solid-900.ttfPReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://defaultcontainer/FontAwesome.Sharp;component/fonts/XlReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://foo/bar/fonts/fa-regular-400.ttflReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://antiloxss.usite.proReanProject.exe, 00000000.00000002.2492069435.00000000032D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://crl.microOReanProject.exe, 00000000.00000002.2499499330.000000000A8E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://vimeo.com/api/v2/video/ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://foo/bar/fonts/fa-brands-400.ttfPReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://faq.ucoz.com/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.siticoneframework.com/pricing.htmlFSoftwareReanProject.exe, 00000000.00000002.2496138699.00000000059F0000.00000004.00000020.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://antiloxss.usite.proReanProject.exe, 00000000.00000002.2492069435.00000000032C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://top.ucoz.com/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://gdata.youtube.com/feeds/api/videos/ReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000030CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://upx.sf.netAmcache.hve.5.drfalse
                                          		high
                                          https://forum.ucoz.com/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://schemas.awesome.incremented/wpf/xaml/fontawesome.sharpReanProject.exe, 00000000.00000002.2492069435.00000000030FA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2497489514.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004041000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2493215777.0000000004161000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://book.ucoz.comReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://antiloxss.usite.pro&CReanProject.exe, 00000000.00000002.2492069435.00000000032D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttflReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://foo/bar/fonts/fa-brands-400.ttflReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://crl.mReanProject.exe, 00000000.00000002.2499499330.000000000A8E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://foo/fonts/fa-regular-400.ttflReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://foo/bar/fonts/fa-brands-400.ttfReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://communitykeyv1.000webhostapp.com/Decoder4.php?string=ReanProject.exefalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://www.ucoz.com/terms/ReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://foo/bar/fonts/fa-solid-900.ttfReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://counter.yadro.ru/hit;counter1?rReanProject.exe, 00000000.00000002.2492069435.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.2492069435.00000000032F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://foo/bar/fonts/fa-solid-900.ttflReanProject.exe, 00000000.00000002.2492069435.00000000031CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://foo/fonts/fa-regular-400.ttfPReanProject.exe, 00000000.00000002.2492069435.000000000316D000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              193.109.246.100
                                              		antiloxss.usite.proVirgin Islands (BRITISH)
                                              		204343COMPUBYTE-ASRUfalse

                                              General Information

                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1589993
                                              Start date and time:2025-01-13 13:06:07 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 5m 24s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:9
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:ReanProject.exe
                                              Detection:MAL
                                              Classification:mal80.troj.evad.winEXE@2/5@1/1
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:
                                              • Successful, ratio: 95%
                                              • Number of executed functions: 121
                                              • Number of non-executed functions: 4
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe

                                              Warnings

                                              • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 20.189.173.22, 2.23.242.162, 40.126.31.71, 20.12.23.50
                                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                              • Report size getting too big, too many NtSetInformationFile calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              07:07:19API Interceptor1x Sleep call for process: WerFault.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              193.109.246.100Iauncher.exeGet hashmaliciousRedLineBrowse
                                                Iauncher.exeGet hashmaliciousRedLineBrowse
                                                  Undetections.exeGet hashmaliciousVidarBrowse

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    antiloxss.usite.proIauncher.exeGet hashmaliciousRedLineBrowse
                                                    • 193.109.246.100
                                                    Iauncher.exeGet hashmaliciousRedLineBrowse
                                                    • 193.109.246.100

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    COMPUBYTE-ASRUhttps://u.to/W9rXIAGet hashmaliciousUnknownBrowse
                                                    • 193.109.246.12
                                                    https://u.to/SpzbIAGet hashmaliciousUnknownBrowse
                                                    • 193.109.246.12
                                                    LisectAVT_2403002B_38.exeGet hashmaliciousSalityBrowse
                                                    • 193.109.247.16
                                                    Iauncher.exeGet hashmaliciousRedLineBrowse
                                                    • 193.109.246.100
                                                    Iauncher.exeGet hashmaliciousRedLineBrowse
                                                    • 193.109.246.100
                                                    Undetections.exeGet hashmaliciousVidarBrowse
                                                    • 193.109.246.100
                                                    T4IoJqcAwY.exeGet hashmaliciousNymaim, SmokeLoader, Zealer Stealer, onlyLoggerBrowse
                                                    • 193.109.246.62
                                                    https://www.minstroy.saratov.gov.ru/communication/blog/admin-blg/1.php?pagen=12Get hashmaliciousUnknownBrowse
                                                    • 193.109.247.233
                                                    njw.exeGet hashmaliciousUnknownBrowse
                                                    • 193.109.247.229

                                                    JA3 Fingerprints

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    3b5074b1b5d032e5620f69f9f700ff0ehttps://email.mg.decisiontime.online/c/eJxszjFvszAQgOFfYzbQ-c4mMHj4pK_M3TqDOZdTjR1hJyj_vkqVMeujd3hXZxnHi2_Y6Qv1hohgaHifJbbhyHu75n2W5M7z7Fb2UiSnKjt3OUVJ_CqjpJ9WVoeoxwEvL62PKz9VN5szGsd5AQoLgV-oZ2_1oPuFgrWAvWnEIaAFDaM2ZGHoAsy0DGwY2VpNoAzs328fottqvRZF_xROCqeyFV_flQonDLPC6c6HhEfr8_q0v9vmcB9xlsTdl8SS0__8qQyUfKsbH6ket1K7rfgkXeLa3B3-BgAA__-9dmXGGet hashmaliciousUnknownBrowse
                                                    • 193.109.246.100
                                                    https://shortener.kountryboyzbailbonds.com/orVbdaZDUTFihPy?https://go.microsoft.com/ref=?ONSKE6784f8047cd90___store=ot&url=ONSKE6784f8047cd90&utm_source=follow-up-email&utm_medium=email&utm_campaign=abandoned%20helpful%20linkGet hashmaliciousUnknownBrowse
                                                    • 193.109.246.100
                                                    PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                    • 193.109.246.100
                                                    FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                    • 193.109.246.100
                                                    rRef6010273.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 193.109.246.100
                                                    invnoIL438805.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 193.109.246.100
                                                    Shipping Docs Waybill No 2009 xxxx 351.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 193.109.246.100
                                                    wuknbFMdeq.exeGet hashmaliciousFunkLockerBrowse
                                                    • 193.109.246.100
                                                    rCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 193.109.246.100

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ReanProject.exe_63edd5b671cb1d54fc15e1b9fa29c74645d60_9ef8d206_378b68e1-2c1a-4c4d-8414-5d79acf0f061\Report.wer

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):65536
                                                    Entropy (8bit):1.4215982534298695
                                                    Encrypted:false
                                                    SSDEEP:192:53SZ5k5ZPf0BU/Ka2x4os6ZrG+FlRqCY5zuiFTZ24IO83:5SZ5k3kBU/KaeI+3ICY5zuiFTY4IO83
                                                    MD5:D5F29FCF165018B6DC31E66FA7CFB674
                                                    SHA1:367CBE7861239003F46DC1AA0597730DAEA0CD6A
                                                    SHA-256:30AF509B8999320CE5C3BD0178452FC8B06FE1C873A25FF087EA2ED291550868
                                                    SHA-512:E451F1D588C10B6E47286A49A950734F0CD3EE6C80AB6D3A2615ECD04FCD7B8C5B6B29703AC5CC8E07FE3978688AA71DD528586F6BC1D645A6157470D9DCDB06
                                                    Malicious:true
                                                    Reputation:low
                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.1.2.4.3.6.3.2.5.1.0.2.1.7.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.1.2.4.3.6.3.4.1.3.5.1.9.9.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.7.8.b.6.8.e.1.-.2.c.1.a.-.4.c.4.d.-.8.4.1.4.-.5.d.7.9.a.c.f.0.f.0.6.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.a.0.9.2.f.5.e.-.7.f.c.2.-.4.4.b.2.-.9.9.1.8.-.3.4.7.7.0.b.4.e.0.7.1.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.e.a.n.P.r.o.j.e.c.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.a.n.P.r.o.j.e.c.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.0.8.-.0.0.0.1.-.0.0.1.4.-.e.b.4.4.-.1.9.a.8.b.3.6.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.2.f.7.4.2.a.6.4.a.a.4.d.c.d.a.0.1.a.2.e.1.8.c.8.d.6.6.e.b.9.6.0.0.0.0.0.0.0.0.!.0.0.0.0.2.b.d.e.1.5.4.5.5.a.4.2.5.f.5.2.f.a.2.2.1.5.7.7.c.2.2.d.b.3.4.f.

                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER5724.tmp.dmp

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Mini DuMP crash report, 15 streams, Mon Jan 13 12:07:13 2025, 0x1205a4 type
                                                    Category:dropped
                                                    Size (bytes):415074
                                                    Entropy (8bit):4.114722258671907
                                                    Encrypted:false
                                                    SSDEEP:3072:sTfqJysDPWyL4WZcMUZbNJcusMKPBkvLj4cOlYGedAGN1uPsAUwTPbOUf31zRyDK:sOfLnisMTvL0hxihu0yo
                                                    MD5:56B08D9D696CE149BB60BEB0F552E831
                                                    SHA1:238A7CCC84F4AAD906ED7A709F452A36399B3720
                                                    SHA-256:06393A50F764FE2E327E55CE12ABC863D110A5DBCE25C555412CEA4747589B29
                                                    SHA-512:626916FBEE16D41B571C09601B940385E20F8EF60FC037B411065FBA19A62FAE9118880BDC46440278497B1E0AF7EBCC56EF6051ACBADB1F9903C1A9E0CFB709
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:MDMP..a..... ..........g.........................)..........<....3......d4...p..........`.......8...........T...........@a.."............3...........5..............................................................................eJ......p6......GenuineIntel............T..............g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C07.tmp.WERInternalMetadata.xml

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):8404
                                                    Entropy (8bit):3.694144816876441
                                                    Encrypted:false
                                                    SSDEEP:192:R6l7wVeJOjY6XW6Y+MSUNgmfZHtprR89bcjEsf0zS7m:R6lXJAY6G6YVSUNgmfZucj3f0ey
                                                    MD5:C92322E272115D6F43F650DE5223A6A5
                                                    SHA1:16681FE73FC0E9BA8B06B28F1B60F705FDD3EB63
                                                    SHA-256:018544DB6D1B0ACD1DF4CA342331BF2B00DE75A96BDA42AA7E05B516E3584BE6
                                                    SHA-512:A24C2B12E6E356D155C626BE74872CDC28B90C7EA2B105DED1AB12A21115A8040FB429C661E9432A2C2C559070B765E1827EC9F700CF35A203B5265027DAD1F0
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.0.8.<./.P.i.

                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C27.tmp.xml

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):4755
                                                    Entropy (8bit):4.4651413407659675
                                                    Encrypted:false
                                                    SSDEEP:48:cvIwWl8zshJg77aI98kSWpW8VYzYm8M4JXiYF8y+q8vaiXBVaeV/gd:uIjfzI7+kz7VDJBKLBtV/gd
                                                    MD5:162BA5F3CB54D9688F146367284FAC52
                                                    SHA1:89C9E89FF46A03B4C992D58E764714E378BE3501
                                                    SHA-256:369261E65E6DBEF2D56A38CD0BD26B3EF3D534D4580CAB469B48812080E85A77
                                                    SHA-512:5C361725E20EA8382A3E207D0CF7FB4D96EEE8119E4217E1606A83051241C0E923F66F72DF5BDAD044A66BAB5692671AE88DB0ECD1106FF5487B3E1FC920A084
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="674109" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                    C:\Windows\appcompat\Programs\Amcache.hve

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:MS Windows registry file, NT/2000 or above
                                                    Category:dropped
                                                    Size (bytes):1835008
                                                    Entropy (8bit):4.568631466528815
                                                    Encrypted:false
                                                    SSDEEP:6144:noPefZnQMa3tfL9bn90foomgsattlbSldrUHT7hSgkSNv0juQJYchUJvTGA9BsL6:oPZAooVJHnsg/d1THqG
                                                    MD5:9AAA1612C98A796070DB95AB5E333A9D
                                                    SHA1:F46F8D0DFC72838C0EC45FF1C1F58CC9E60B3FC1
                                                    SHA-256:4E6BC2B1CD61A73E32AC7678817A06F24F8F98458CC5C4E6CABA27CAEC21A23A
                                                    SHA-512:400AB63E1794B2E835C31A349B9D4FC595661CCA270979585AB247B60EAEEFB0873F816E02807DE64CC1CF7792598B7CE7920745BB321C28C09B47CCEDE1E076
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:regfJ...J....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....e..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.911562142988739
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:ReanProject.exe
                                                    File size:1'593'856 bytes
                                                    MD5:40a341513f036e4d5a356f70db6afb15
                                                    SHA1:2bde15455a425f52fa221577c22db34f217a69a5
                                                    SHA256:6858bca15eed33e61fdc4be3f87a0dfe63ccab54a659de551fcb5df52af060f4
                                                    SHA512:2610c45c2683f4773238a99e674aba88d64a45ba3f6bb97a13fc763d13d778519727bcf6087d552d40ad80de2e7cdf23379970fc3ee90bb969fe3c9a0216aa3e
                                                    SSDEEP:49152:CzS8CQJK7u2Bg76XDnjmj+e8PgnaADNAr:0SxQJK7XG6L8+e8PIaADNAr
                                                    TLSH:337512A8D7A40E27E1AA53B844770252F7B11312999AF74BFDD620F16421F9EE5003EF
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5............."...0..H...........g... ........@.. ....................................`................................

                                                    File Icon

                                                    Icon Hash:00928e8e8686b000

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x58672e
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0xC2C59935 [Wed Jul 19 22:41:57 2073 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x1866dc0x4f.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1880000x56e.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x18a0000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000x1847340x18480016da32139df8f0bc62075ad52ce165afFalse0.9301525297619048data7.91471800797033IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rsrc0x1880000x56e0x600a24c424d9394c472e75ea9b5bb5a35eeFalse0.4095052083333333data3.998760083873733IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0x18a0000xc0x200de13cd2fe2daff399d0027eff05c9df5False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                    RT_VERSION0x1880a00x2e4data0.4418918918918919
                                                    RT_MANIFEST0x1883840x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Jan 13, 2025 13:07:05.534869909 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:05.534908056 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:05.535001993 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:05.805416107 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:05.805437088 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:06.854475021 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:06.854645967 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:06.858153105 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:06.858160019 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:06.858409882 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:06.898535967 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:06.996556044 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:07.039324045 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:07.239336014 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:07.239360094 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:07.239392042 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:07.239456892 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:07.239456892 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:07.239464998 CET44349713193.109.246.100192.168.2.12
                                                    Jan 13, 2025 13:07:07.239603996 CET49713443192.168.2.12193.109.246.100
                                                    Jan 13, 2025 13:07:07.425362110 CET49713443192.168.2.12193.109.246.100

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Jan 13, 2025 13:07:05.463963032 CET5730453192.168.2.121.1.1.1
                                                    Jan 13, 2025 13:07:05.480093956 CET53573041.1.1.1192.168.2.12

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Jan 13, 2025 13:07:05.463963032 CET192.168.2.121.1.1.10x7917Standard query (0)antiloxss.usite.proA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Jan 13, 2025 13:07:05.480093956 CET1.1.1.1192.168.2.120x7917No error (0)antiloxss.usite.pro193.109.246.100A (IP address)IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • antiloxss.usite.pro

                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.2.1249713193.109.246.1004436408C:\Users\user\Desktop\ReanProject.exe
                                                    TimestampBytes transferredDirectionData
                                                    2025-01-13 12:07:06 UTC123OUTGET /STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt HTTP/1.1
                                                    Host: antiloxss.usite.pro
                                                    Connection: Keep-Alive
                                                    2025-01-13 12:07:07 UTC165INHTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Mon, 13 Jan 2025 12:07:05 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    2025-01-13 12:07:07 UTC3966INData Raw: 66 37 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 54 54 50 20 34 30 34 20 52 65 73 6f 75 72 63 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 20 66 6f 6e 74 3a 20 31 32 70 78 2f 32 32 70 78 20 27 56 65 72 64 61 6e 61 27 3b 20 63
                                                    Data Ascii: f77<!DOCTYPE html><html><head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>HTTP 404 Resource not found</title><style type="text/css">body {margin: 0; padding: 0; background: #fff; font: 12px/22px 'Verdana'; c
                                                    2025-01-13 12:07:07 UTC3322INData Raw: 63 66 33 0d 0a 73 6f 72 3a 74 72 75 65 7d 29 3b 0a 20 20 20 20 20 20 20 20 7d 20 63 61 74 63 68 28 65 29 20 7b 7d 0a 20 20 20 20 7d 29 3b 0a 20 20 20 20 76 61 72 20 6e 20 3d 20 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 2c 0a 20 20 20 20 20 20 20 20 73 20 3d 20 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 2c 0a 20 20 20 20 20 20 20 20 66 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 6e 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 73 2c 20 6e 29 3b 20 7d 3b 0a 20 20 20 20 73 2e 74 79 70 65 20 3d 20 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3b 0a 20 20 20 20 73 2e 61 73 79 6e 63 20 3d 20 74 72 75 65 3b 0a 20 20 20 20 73 2e
                                                    Data Ascii: cf3sor:true}); } catch(e) {} }); var n = d.getElementsByTagName("script")[0], s = d.createElement("script"), f = function () { n.parentNode.insertBefore(s, n); }; s.type = "text/javascript"; s.async = true; s.
                                                    2025-01-13 12:07:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:07:07:03
                                                    Start date:13/01/2025
                                                    Path:C:\Users\user\Desktop\ReanProject.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\ReanProject.exe"
                                                    Imagebase:0xbe0000
                                                    File size:1'593'856 bytes
                                                    MD5 hash:40A341513F036E4D5A356F70DB6AFB15
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2496998478.0000000006250000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.2320877273.0000000000BE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2492069435.0000000003041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:5
                                                    Start time:07:07:09
                                                    Start date:13/01/2025
                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 2476
                                                    Imagebase:0x8a0000
                                                    File size:483'680 bytes
                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:9%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:5.7%
                                                      Total number of Nodes:53
                                                      Total number of Limit Nodes:4
                                                      execution_graph 44332 a8383c0 44333 a8383f6 44332->44333 44334 a8384b5 44333->44334 44336 a83e449 44333->44336 44337 a83e49b 44336->44337 44338 a83e4b9 MonitorFromPoint 44337->44338 44339 a83e4ea 44337->44339 44338->44339 44339->44334 44321 16bfce0 44322 16bfd28 GetModuleHandleW 44321->44322 44323 16bfd22 44321->44323 44324 16bfd55 44322->44324 44323->44322 44325 a835708 44326 a83571a 44325->44326 44328 a835760 44325->44328 44326->44328 44329 a834598 44326->44329 44330 a8358a0 SetTimer 44329->44330 44331 a83590c 44330->44331 44331->44328 44340 16b74a0 44341 16b74bc 44340->44341 44342 16b7531 44341->44342 44344 16b7741 44341->44344 44345 16b7765 44344->44345 44349 16b7841 44345->44349 44353 16b7850 44345->44353 44351 16b7850 44349->44351 44350 16b7954 44350->44350 44351->44350 44357 16b734c 44351->44357 44355 16b7877 44353->44355 44354 16b7954 44354->44354 44355->44354 44356 16b734c CreateActCtxA 44355->44356 44356->44354 44358 16b88e0 CreateActCtxA 44357->44358 44360 16b89a3 44358->44360 44361 a8398e8 44362 a839922 44361->44362 44363 a8399b3 44362->44363 44364 a83999e 44362->44364 44366 a836628 CreateIconFromResourceEx 44363->44366 44369 a836628 44364->44369 44368 a8399c2 44366->44368 44371 a836633 44369->44371 44370 a8399a9 44371->44370 44373 a83a6f7 44371->44373 44374 a83a722 44373->44374 44375 a83a72f 44374->44375 44376 a83a758 CreateIconFromResourceEx 44374->44376 44375->44370 44377 a83a7d6 44376->44377 44377->44370 44378 90ba2f0 44380 90ba311 44378->44380 44379 90ba329 44380->44379 44382 90ba96f 44380->44382 44383 90ba9bd DrawTextExW 44382->44383 44384 90ba973 44382->44384 44386 90baa5e 44383->44386 44384->44379 44386->44379

                                                      Executed Functions

                                                      Function 0A836628 Relevance: .6, Instructions: 623COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e9b256244d7cfb874f450e79496ec335cf4c5a661b6c2759bb866f1c0c5b3a7c
                                                      • Instruction ID: b52d208d708798bfdb20f7949ce80bb5a4552fb90c43b4ac7d067c388394aadb
                                                      • Opcode Fuzzy Hash: e9b256244d7cfb874f450e79496ec335cf4c5a661b6c2759bb866f1c0c5b3a7c
                                                      • Instruction Fuzzy Hash: B4326B31A002188FDB58DFA9C8947AEBBF2BF88340F148569D44AEB395DB359C45CF91
                                                      Function 0A839DC7 Relevance: .3, Instructions: 288COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c360af6e4bfbd97b5ce5fe9552715e4fad83ac19494bd9df8e2de6990271be32
                                                      • Instruction ID: dfe6db03f442cda0f5a01f19fa882b0d1641fcef9e593b92b2ab2d8b93f70b79
                                                      • Opcode Fuzzy Hash: c360af6e4bfbd97b5ce5fe9552715e4fad83ac19494bd9df8e2de6990271be32
                                                      • Instruction Fuzzy Hash: 47C19D72E042589FCF18CFA9C88079DBBB2BF84300F15C5A9D489EB255EB759985CF90
                                                      Function 0A83661F Relevance: .3, Instructions: 281COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c10e8ebabaaf3eac5702a12cb29558457709018878ba4200daa227a28c2e3271
                                                      • Instruction ID: 6706fb6c9c4587487373ae3961cee049b63c6cad4784d1e21cecd7ca41e22e53
                                                      • Opcode Fuzzy Hash: c10e8ebabaaf3eac5702a12cb29558457709018878ba4200daa227a28c2e3271
                                                      • Instruction Fuzzy Hash: DEC18D72E042599FCF18CFA9C88079DBBB2BF88300F14C5A9D449EB251EB719985CF90
                                                      Function 0A831110 Relevance: .1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e4d05dd8c76246cd40b40e45be7a448bef4223901f44f0bc43ae7054a9fd489
                                                      • Instruction ID: b15ea5d0808f6ed7c2b1c674ba717ddf7b75b7907a7dbb81bbc5b47db85be259
                                                      • Opcode Fuzzy Hash: 3e4d05dd8c76246cd40b40e45be7a448bef4223901f44f0bc43ae7054a9fd489
                                                      • Instruction Fuzzy Hash: 3351AFB9D05248DFCB14DFE5E8889EDBBB2FF89301F20902AE406AB254DB306845CF45
                                                      Function 016B734C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 16b734c-16b89a1 CreateActCtxA 3 16b89aa-16b8a04 0->3 4 16b89a3-16b89a9 0->4 11 16b8a13-16b8a17 3->11 12 16b8a06-16b8a09 3->12 4->3 13 16b8a19-16b8a25 11->13 14 16b8a28 11->14 12->11 13->14
                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 016B8991
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491555435.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_16b0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 8c5b2b12a76c494d3be6277974f4d9f1345c04b1b50952e440b9ff224e9e044e
                                                      • Instruction ID: 554a9336ff366f6ba21fbfb1c7485ef41dcab11cd4ed245018c104ab576e6779
                                                      • Opcode Fuzzy Hash: 8c5b2b12a76c494d3be6277974f4d9f1345c04b1b50952e440b9ff224e9e044e
                                                      • Instruction Fuzzy Hash: 3441CF70C0061DCBDB24DFAAC884BCDBBF9BF88304F208169D509AB251DB756946CF91
                                                      Function 0A83A6F7 Relevance: 1.6, APIs: 1, Instructions: 89windowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 16 a83a6f7-a83a72d call a836654 19 a83a742-a83a7d4 CreateIconFromResourceEx 16->19 20 a83a72f-a83a73f 16->20 24 a83a7d6-a83a7dc 19->24 25 a83a7dd-a83a7fa 19->25 24->25
                                                      APIs
                                                      • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0A83A7C7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: CreateFromIconResource
                                                      • String ID:
                                                      • API String ID: 3668623891-0
                                                      • Opcode ID: 0fd110c0a1be84167310a06a954c75fc84e9f053801d723a3c6d13bf53efdf29
                                                      • Instruction ID: a40454d91c359492ecd9ea2f05ba06271f1b7022416fc85d10f59a6e2a29c0d2
                                                      • Opcode Fuzzy Hash: 0fd110c0a1be84167310a06a954c75fc84e9f053801d723a3c6d13bf53efdf29
                                                      • Instruction Fuzzy Hash: 7131C1729083899FCB12CFA9C840ADEBFF4EF0A350F14849AE594E7261C3359854DFA1
                                                      Function 090BA96F Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 28 90ba96f-90ba971 29 90ba9bd-90baa04 28->29 30 90ba973-90ba996 28->30 33 90baa0f-90baa1e 29->33 34 90baa06-90baa0c 29->34 31 90ba99d-90ba99f 30->31 32 90ba998 call 90b9cdc 30->32 32->31 35 90baa23-90baa5c DrawTextExW 33->35 36 90baa20 33->36 34->33 37 90baa5e-90baa64 35->37 38 90baa65-90baa82 35->38 36->35 37->38
                                                      APIs
                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 090BAA4F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2498853886.00000000090B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_90b0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: DrawText
                                                      • String ID:
                                                      • API String ID: 2175133113-0
                                                      • Opcode ID: d3565c68064531e6a13fc6480db9e1eea116a3f943ee130583af9fb1ca27ba94
                                                      • Instruction ID: 1639b6d662b83cdbeded08869e7ca7b7a379f978f2d0d1c7a706c9c185e5059b
                                                      • Opcode Fuzzy Hash: d3565c68064531e6a13fc6480db9e1eea116a3f943ee130583af9fb1ca27ba94
                                                      • Instruction Fuzzy Hash: 803128B6900349AFCF10CF99D880AEEBBF5FF48320F14841AE919A7210D335A955CFA0
                                                      Function 090BA9B2 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 41 90ba9b2-90baa04 43 90baa0f-90baa1e 41->43 44 90baa06-90baa0c 41->44 45 90baa23-90baa5c DrawTextExW 43->45 46 90baa20 43->46 44->43 47 90baa5e-90baa64 45->47 48 90baa65-90baa82 45->48 46->45 47->48
                                                      APIs
                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 090BAA4F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2498853886.00000000090B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_90b0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: DrawText
                                                      • String ID:
                                                      • API String ID: 2175133113-0
                                                      • Opcode ID: 213334abf4ab4e2b8b4dfc3a63b41dbbcc9eab8bfb24ef48fae206a04d834e1b
                                                      • Instruction ID: 054390d8b7323c334768bb7cc029840b555db406c95f440da779159e50ba28b3
                                                      • Opcode Fuzzy Hash: 213334abf4ab4e2b8b4dfc3a63b41dbbcc9eab8bfb24ef48fae206a04d834e1b
                                                      • Instruction Fuzzy Hash: F931F1B1D003499FDB10CF9AD884AEEFBF4EF48320F14842AE819A7210D375A944CFA0
                                                      Function 090BA9B8 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 51 90ba9b8-90baa04 53 90baa0f-90baa1e 51->53 54 90baa06-90baa0c 51->54 55 90baa23-90baa5c DrawTextExW 53->55 56 90baa20 53->56 54->53 57 90baa5e-90baa64 55->57 58 90baa65-90baa82 55->58 56->55 57->58
                                                      APIs
                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 090BAA4F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2498853886.00000000090B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_90b0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: DrawText
                                                      • String ID:
                                                      • API String ID: 2175133113-0
                                                      • Opcode ID: 7bf2ac550f6f783b2648f7cdd8cf003bc20832371b992b0ebd68612ebbc0d2d1
                                                      • Instruction ID: 33586b1b6188d7628d204c8896d35f76821fed72e029ec9fb420c0d8de872450
                                                      • Opcode Fuzzy Hash: 7bf2ac550f6f783b2648f7cdd8cf003bc20832371b992b0ebd68612ebbc0d2d1
                                                      • Instruction Fuzzy Hash: 2A21EEB59003099FDB10CF9AD884AEEFBF5EB48320F14842AE919A7210D774A944CFA0
                                                      Function 0A83E449 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 61 a83e449-a83e4a4 63 a83e4a6-a83e4e8 MonitorFromPoint 61->63 64 a83e50a-a83e525 61->64 67 a83e4f1-a83e4fc 63->67 68 a83e4ea-a83e4f0 63->68 70 a83e527-a83e534 64->70 73 a83e4ff call a83e620 67->73 74 a83e4ff call a83e60f 67->74 68->67 72 a83e505-a83e508 72->70 73->72 74->72
                                                      APIs
                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 0A83E4D7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: FromMonitorPoint
                                                      • String ID:
                                                      • API String ID: 1566494148-0
                                                      • Opcode ID: e2eef2b4c42345b460a4722780674549ff76dd563ca9d928acc5653b959968c2
                                                      • Instruction ID: a1b17a29f94bcbda7e9c642594aa053c0800a5d2ebd47c45184fbc86d52385b5
                                                      • Opcode Fuzzy Hash: e2eef2b4c42345b460a4722780674549ff76dd563ca9d928acc5653b959968c2
                                                      • Instruction Fuzzy Hash: D92168719002499FCB20DFA9D409BAEBBF5EF88320F108459E995A7380CB386945CFA5
                                                      Function 0A83A758 Relevance: 1.6, APIs: 1, Instructions: 53windowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 75 a83a758-a83a7d4 CreateIconFromResourceEx 76 a83a7d6-a83a7dc 75->76 77 a83a7dd-a83a7fa 75->77 76->77
                                                      APIs
                                                      • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0A83A7C7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: CreateFromIconResource
                                                      • String ID:
                                                      • API String ID: 3668623891-0
                                                      • Opcode ID: b03406ae6a771c39ac4172647e67282892666d5330b481c06d62b412fd553ba1
                                                      • Instruction ID: ea023686b2e67f109d8a9e6f13701e04b12618a3e289103d7ce8ca85786f69ac
                                                      • Opcode Fuzzy Hash: b03406ae6a771c39ac4172647e67282892666d5330b481c06d62b412fd553ba1
                                                      • Instruction Fuzzy Hash: BB1126B6800249DFDB10CF9AD884BEEBFF8EB48320F14841AE555A3210C379A954CFA5
                                                      Function 0A834598 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 86 a834598-a83590a SetTimer 88 a835913-a835927 86->88 89 a83590c-a835912 86->89 89->88
                                                      APIs
                                                      • SetTimer.USER32(?,0302AF30,?,?), ref: 0A8358FD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: Timer
                                                      • String ID:
                                                      • API String ID: 2870079774-0
                                                      • Opcode ID: 460f9b20b97517e9df6141964d34bf503894331975fb16767a8e2ac702d848c5
                                                      • Instruction ID: eb76af941051fdf3e04595be203da12d311c304b730b2f78feeffd23915c70d5
                                                      • Opcode Fuzzy Hash: 460f9b20b97517e9df6141964d34bf503894331975fb16767a8e2ac702d848c5
                                                      • Instruction Fuzzy Hash: 8A11F2B6804349DFDB20DF9AD885BDEBBF8EB48320F108419E919A7210C375A954CFA5
                                                      Function 016BFCE0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 80 16bfce0-16bfd20 81 16bfd28-16bfd53 GetModuleHandleW 80->81 82 16bfd22-16bfd25 80->82 83 16bfd5c-16bfd70 81->83 84 16bfd55-16bfd5b 81->84 82->81 84->83
                                                      APIs
                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 016BFD46
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491555435.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_16b0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 5bbd34b79c151a6ee025006548faf80fd0e5af20a2ef26d3d81ef4b1bf14fd61
                                                      • Instruction ID: 7c0f13e9346cca5517e3835a6e99905bcaa187c4d2d5965647115affb91f0c1c
                                                      • Opcode Fuzzy Hash: 5bbd34b79c151a6ee025006548faf80fd0e5af20a2ef26d3d81ef4b1bf14fd61
                                                      • Instruction Fuzzy Hash: 8C110FB6D003498FDB20DF9AD884ADEFBF4EF88320F10855AC529A7210C379A545CFA1
                                                      Function 05C977A4 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 212 5c977a4-5c9c0f8 call 5c9b4d4 220 5c9c11a-5c9c13e 212->220 221 5c9c0fa-5c9c0fc 212->221 223 5c9c145-5c9c1a2 call 5c9b4f4 220->223 222 5c9c0fe-5c9c10d call 5c9b4e4 221->222 221->223 229 5c9c112-5c9c119 222->229 237 5c9c1a7-5c9c1b7 223->237
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #
                                                      • API String ID: 0-1885708031
                                                      • Opcode ID: ec62ba119d1a3b15083f44f8ddbc87cb477b07dbb58bf842aa0db807325eb445
                                                      • Instruction ID: dbb82768034839c97f76d835bc522fb19bd75f455dcc42f03ea873729687b05d
                                                      • Opcode Fuzzy Hash: ec62ba119d1a3b15083f44f8ddbc87cb477b07dbb58bf842aa0db807325eb445
                                                      • Instruction Fuzzy Hash: 3F3101353042148BCB08AB79946436E7BE6EFC9610F1488AED50ADB391EF758D06C7A6
                                                      Function 05C97790 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 284 5c97790-5c9c0b9 288 5c9c0c1-5c9c0dd call 5c9b4d4 284->288 290 5c9c0e2-5c9c0f8 288->290 293 5c9c11a-5c9c13e 290->293 294 5c9c0fa-5c9c0fc 290->294 296 5c9c145-5c9c193 293->296 295 5c9c0fe-5c9c101 294->295 294->296 299 5c9c10b-5c9c10d call 5c9b4e4 295->299 308 5c9c195-5c9c1a2 call 5c9b4f4 296->308 302 5c9c112-5c9c119 299->302 310 5c9c1a7-5c9c1b7 308->310
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #
                                                      • API String ID: 0-1885708031
                                                      • Opcode ID: dc1817d264d2a2ff935410c8fb6c0ab22755e5fbe39dbfadc9a9a8bdb0b20464
                                                      • Instruction ID: d6c1f447b3b133c7db893aed855bc9d9c57a4a38391e0a69cda2bfc4f144015a
                                                      • Opcode Fuzzy Hash: dc1817d264d2a2ff935410c8fb6c0ab22755e5fbe39dbfadc9a9a8bdb0b20464
                                                      • Instruction Fuzzy Hash: 611134316042508BCB04DFBDC4646AFBBF5EFC5714B10859ED5098B262EB328D06C7D5
                                                      Function 05C9C078 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #
                                                      • API String ID: 0-1885708031
                                                      • Opcode ID: cd2f0c42cbd7ba70cc7b4617152af1b967ebe6237ba157b2f14eda1d7fe4a1f2
                                                      • Instruction ID: 864b8fcdf1e75f15a549e23747c374463c31e967051bf7f9f85836abdf5cfdb5
                                                      • Opcode Fuzzy Hash: cd2f0c42cbd7ba70cc7b4617152af1b967ebe6237ba157b2f14eda1d7fe4a1f2
                                                      • Instruction Fuzzy Hash: 7411E1717002048BCB08DFA9D4446AFB7F6FF84704F10886ED40ADB361EB768A02C791
                                                      Function 05C9A830 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID: 0-76226702
                                                      • Opcode ID: c8628b8ff7712a94ac71c1a53593f2e13349e97111b8b7c257a2e7f334530c15
                                                      • Instruction ID: e6539587e0113a55711e1352974a793a8bdd6db9983ae95c2d1f1c0b58ba5486
                                                      • Opcode Fuzzy Hash: c8628b8ff7712a94ac71c1a53593f2e13349e97111b8b7c257a2e7f334530c15
                                                      • Instruction Fuzzy Hash: 93F0BB712007056BD305A76AD841AAFBB97EBC5220B10CD2EE10A8F750EF75BC4287F5
                                                      Function 05C9D448 Relevance: .8, Instructions: 758COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6fcaddb31d95314a1d075826dc45c344d5c9b72467d0755afd303e9226ea3213
                                                      • Instruction ID: dafb1bf1d83bd4e35b303d782c7ac784acc38f18839140a5f8603d7f94919249
                                                      • Opcode Fuzzy Hash: 6fcaddb31d95314a1d075826dc45c344d5c9b72467d0755afd303e9226ea3213
                                                      • Instruction Fuzzy Hash: F662DAB4F00B818ADF78DB74848D3AE7AA2BB95301F104D5FD1ABEB241DB749581CB19
                                                      Function 05C9D3E8 Relevance: .5, Instructions: 481COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5c8c91b1bd3174a13990a03d669f45d46f3f5d444745405ee36a9b92b32149f4
                                                      • Instruction ID: 995069a5cec5b81d8b153b6270125ed715e6a8b662365bdd55e8f0f42bc14840
                                                      • Opcode Fuzzy Hash: 5c8c91b1bd3174a13990a03d669f45d46f3f5d444745405ee36a9b92b32149f4
                                                      • Instruction Fuzzy Hash: 6F227EB4A05B828ADF789F64848D39DB690BB46301F204D9BD0FBFB255C7749186CB4D
                                                      Function 05C97110 Relevance: .3, Instructions: 286COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8727a2b13e920b288718c5a895e4627fd543cc903a7c60029d1d4175e574c6fe
                                                      • Instruction ID: 4a8103028c951d3b52343ec0257d69abe6ab5f2e9a1171f1037a3d26d3a839dc
                                                      • Opcode Fuzzy Hash: 8727a2b13e920b288718c5a895e4627fd543cc903a7c60029d1d4175e574c6fe
                                                      • Instruction Fuzzy Hash: BC91BF70A11208DFDF18DFA9D848AAEBFF6FF89310F108869E445A7650DB359841CBA1
                                                      Function 05C99FBB Relevance: .3, Instructions: 256COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3cc4fad33a8e2a5338ebcb59d4dab31ff1eafe20a6145d86af229c220a82abc1
                                                      • Instruction ID: 695dc0556559489d991bdaead832b233a3f0ace8cefc779b5afa1829364fe90a
                                                      • Opcode Fuzzy Hash: 3cc4fad33a8e2a5338ebcb59d4dab31ff1eafe20a6145d86af229c220a82abc1
                                                      • Instruction Fuzzy Hash: BB814F30B04609CF9E6C9A7A8C1C63A76D7BFCA251B25486AC507CB358EF61CD45C762
                                                      Function 05C9C514 Relevance: .2, Instructions: 237COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eb22dfd75e9ad7c9cd6c4e095337e9b667057557ddb40ea3d60e2444dc222fc7
                                                      • Instruction ID: a607945cbc2a9a68e6eeae026e8dc6b550db4319b5cecc15ae22287e51d3a791
                                                      • Opcode Fuzzy Hash: eb22dfd75e9ad7c9cd6c4e095337e9b667057557ddb40ea3d60e2444dc222fc7
                                                      • Instruction Fuzzy Hash: 7B91F276E00209DFCF05CFA9D884ADEBBF5FF88310F10852AE919A7254D730A955CB90
                                                      Function 05C993F0 Relevance: .2, Instructions: 231COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d6d1067acb2f11c1562c127f600f203c24acda51155ed0ca83fe7a0f6dfe0643
                                                      • Instruction ID: 2d63ee53ca92b88d9e42cbc8d8004d91c0909d3126ef7daa945f8a2a3f1e6b05
                                                      • Opcode Fuzzy Hash: d6d1067acb2f11c1562c127f600f203c24acda51155ed0ca83fe7a0f6dfe0643
                                                      • Instruction Fuzzy Hash: F281D375A042098FDB05EFB9D854AAE7BB3FFC9300F10456AD2069B395EB385D05CBA1
                                                      Function 05C9E694 Relevance: .2, Instructions: 214COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e603e5c07c07cd09cdde52dddbdd7b44499c6a405b1a591b719ded53d303b41a
                                                      • Instruction ID: 360afe68236eea09090a83ed37beb237d52519b47d6c90b36bb5712ea953869a
                                                      • Opcode Fuzzy Hash: e603e5c07c07cd09cdde52dddbdd7b44499c6a405b1a591b719ded53d303b41a
                                                      • Instruction Fuzzy Hash: 0E713471A01249DFDF15DFA9D884AEEBBF5FF88310F10882AE909A7250D7349911CFA5
                                                      Function 05C962A0 Relevance: .2, Instructions: 207COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a97faea278639b65164ce071eac6b558c5d46337e3dac4e0ad1ea354094c9cd2
                                                      • Instruction ID: 66643f68531dbb86ec197497a84a283b676f15a7d22c4ba30de2fdd3c8cae62a
                                                      • Opcode Fuzzy Hash: a97faea278639b65164ce071eac6b558c5d46337e3dac4e0ad1ea354094c9cd2
                                                      • Instruction Fuzzy Hash: 76813D75E003199FDF08DFA9C8946AEBBF2FF88310F24852AD405AB354DB745941CBA1
                                                      Function 05C9B4AC Relevance: .2, Instructions: 177COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f3d5ddb1c4b36bb3ad407ef9a03b977c7d5ba17c5836953bea2bb1fab86920e9
                                                      • Instruction ID: 22c0ffc2ce5c81ff1220aadb168317186b3144d78ecea7550141ed99e434525c
                                                      • Opcode Fuzzy Hash: f3d5ddb1c4b36bb3ad407ef9a03b977c7d5ba17c5836953bea2bb1fab86920e9
                                                      • Instruction Fuzzy Hash: 11617974E042089FCF18DFA9D888AAEBBB6BF48314F148459E816AB350DB749C04CF95
                                                      Function 05C9A3D0 Relevance: .2, Instructions: 171COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1f0f78821d29de3c19a61fc06377e9f394b225855d7bef37a5113becf7149c0
                                                      • Instruction ID: 0e6fd4c4707e320a80ac4f08ee28176bbcc79560b94f1db3590eb362e342bd19
                                                      • Opcode Fuzzy Hash: f1f0f78821d29de3c19a61fc06377e9f394b225855d7bef37a5113becf7149c0
                                                      • Instruction Fuzzy Hash: 6961BC74B00A09DFCB18DF58C4849AEBBB2FF84310B218969C54A9B755DB31FD92CB90
                                                      Function 05C992E8 Relevance: .2, Instructions: 170COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07781c756ee870bb5d8363d69cb35f798f5717c5083241cba67f7f01d2a5118a
                                                      • Instruction ID: 3b8a5a8b865470612df178908297800615d12d4d68ccd8ae0321bc11bd6974f4
                                                      • Opcode Fuzzy Hash: 07781c756ee870bb5d8363d69cb35f798f5717c5083241cba67f7f01d2a5118a
                                                      • Instruction Fuzzy Hash: 27614074A0021ACFDB04DFB5D944AAE7BB6FF88310F108539D606AB354EB399D45CB91
                                                      Function 05C98340 Relevance: .1, Instructions: 127COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 018a8618891ea31610bed2654283081084c306a6b476658992703cb53e6829d6
                                                      • Instruction ID: 21c651c420eabda5edc2164e039b90013ac27fa7bcce2dd3b1627d0b5e033705
                                                      • Opcode Fuzzy Hash: 018a8618891ea31610bed2654283081084c306a6b476658992703cb53e6829d6
                                                      • Instruction Fuzzy Hash: 75413C70B141588FDB18DB69D898EADBBF6FF8A700F1444A9E501EB361DB75D900CB50
                                                      Function 05C9AE27 Relevance: .1, Instructions: 115COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d0b1c01633b59ecf486e0d9ae6271339a9a38f8030bc7d302d4b88c1e56148df
                                                      • Instruction ID: 91f46d6bde0267507dbb6123b92cd368c1f9cbb2f86fffbf71dde44c57b5fe95
                                                      • Opcode Fuzzy Hash: d0b1c01633b59ecf486e0d9ae6271339a9a38f8030bc7d302d4b88c1e56148df
                                                      • Instruction Fuzzy Hash: 6341EE75300114CFDB08AB79D958B6E7BE7EBC8300F14886DE506EB7A9DE799C018B94
                                                      Function 05C9F860 Relevance: .1, Instructions: 114COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7124eb5b040ec8329dba97d9c42d3e24c1839fbd1a1535e29b991bc915579f7b
                                                      • Instruction ID: 4703676ce5f1724a6621de5050fe313f2c0ecc051a8076b1b37fe7021c75bf25
                                                      • Opcode Fuzzy Hash: 7124eb5b040ec8329dba97d9c42d3e24c1839fbd1a1535e29b991bc915579f7b
                                                      • Instruction Fuzzy Hash: B7419134E12248EFDB04EFA8E488AEEBBB2EF86300F250569E405B7350DB706D45CB51
                                                      Function 05C9B078 Relevance: .1, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d19e211e312511cd78a31c09c62c137c4d5e933874c70f6dd6b9e4fec1b02897
                                                      • Instruction ID: c6f71d2d325e1a502c980a772f90952c2ce0dbff26bf2d2f978915bcaec86b12
                                                      • Opcode Fuzzy Hash: d19e211e312511cd78a31c09c62c137c4d5e933874c70f6dd6b9e4fec1b02897
                                                      • Instruction Fuzzy Hash: F3417C75A00349DFCF14DFA9D848ADEBBF5FF89310F10852AE505A7210EB75A944CBA1
                                                      Function 05C9E890 Relevance: .1, Instructions: 109COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 322f659e56fe0c6688935c8e9e359c7b1a1350e20fbfef55ea72ac31bd20b520
                                                      • Instruction ID: 723246f81a7de1281833be5a8e789886e67718932597b5da9e50130a6d0db8a8
                                                      • Opcode Fuzzy Hash: 322f659e56fe0c6688935c8e9e359c7b1a1350e20fbfef55ea72ac31bd20b520
                                                      • Instruction Fuzzy Hash: CF413A35E12208EFDB04EFA8D589AEEBBB2EF86300F640969E50577350DB706D85CB45
                                                      Function 05C9A670 Relevance: .1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 318f8a7a0014bc98a5f046cc81340b36f9f6686a90e65c04e4513a36cc37cc57
                                                      • Instruction ID: 580c9c8076c16694bd718f0ebfb2cba079c75ae8c65e6d4e1b4c7b53654e46fb
                                                      • Opcode Fuzzy Hash: 318f8a7a0014bc98a5f046cc81340b36f9f6686a90e65c04e4513a36cc37cc57
                                                      • Instruction Fuzzy Hash: 3C4183B8A0421A8FCF14CFA8C985AAEBBB2FF48310F148959D5159B255D774E942CBD0
                                                      Function 05C9CD78 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1d4832fe8fbcf6062decfc7262f215e8d666441d221da7a9e10f81467d2171d0
                                                      • Instruction ID: b73bff0c47e2fb989c2d6d041c0829c933272fc7663b359fc7af6b0c72bce6df
                                                      • Opcode Fuzzy Hash: 1d4832fe8fbcf6062decfc7262f215e8d666441d221da7a9e10f81467d2171d0
                                                      • Instruction Fuzzy Hash: 42316B7164824ADBCB09EE16D48C56ABFE1EB84210F408C5DE8E686284EB30DD35CB86
                                                      Function 05C99BA8 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ab1ddd6ac7070fa774a37de5ae80d57af69661762a2d5f590d7f8ed9390abc72
                                                      • Instruction ID: d2b0540c62bc72ef4e5a6af73cf1ea73a60add677936fb7ecb3c9cdb0238ece7
                                                      • Opcode Fuzzy Hash: ab1ddd6ac7070fa774a37de5ae80d57af69661762a2d5f590d7f8ed9390abc72
                                                      • Instruction Fuzzy Hash: 5F410D75E002198BDF18DBA9CC586EEBBF2BB88711F149829D502BB354DB759840CBA4
                                                      Function 05C98B08 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b38a247c3f7879a7d7839e96f3289abff67b07ebfdc6e980cab020673631e676
                                                      • Instruction ID: 69970004ff3aea1f692cb8a0c77ea8f89702eeb6c6c2dc88622e6554bc896ca7
                                                      • Opcode Fuzzy Hash: b38a247c3f7879a7d7839e96f3289abff67b07ebfdc6e980cab020673631e676
                                                      • Instruction Fuzzy Hash: 5541E271A053488FDB14DF6AD80879EBFF5EF89310F04882AD155D7250DB78A845CFA1
                                                      Function 05C99D80 Relevance: .1, Instructions: 103COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ef08a6d08f1d952d253ea1f624ac96534b896ebbaa96b05c5232436d9b526f50
                                                      • Instruction ID: 2010ed1f525d59d0780ceeb5c924d0767d4f049b56fceb6c4efba516974afce6
                                                      • Opcode Fuzzy Hash: ef08a6d08f1d952d253ea1f624ac96534b896ebbaa96b05c5232436d9b526f50
                                                      • Instruction Fuzzy Hash: C041C775A00228CFDB14DFA8D958ADD7BF2BB4C311F110699E906AB3A1DB359D40CB64
                                                      Function 05C9D2C0 Relevance: .1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 29a17091e01e5388c79a0657871f462033c68794e362d7ca535c9702518540bc
                                                      • Instruction ID: d4623d4822322c1ca89b1534128d65f933ca6113e6b9567165a7b5a8ce33a57e
                                                      • Opcode Fuzzy Hash: 29a17091e01e5388c79a0657871f462033c68794e362d7ca535c9702518540bc
                                                      • Instruction Fuzzy Hash: DE31BE35604619CBCF04DFA8E8854BFBBF6FF45612B18886BE809EB251E735C905C7A1
                                                      Function 05C952D0 Relevance: .1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7ccd67826e3117a7a615f15bafd4d5d55f6c78ce257487f9b5984b233ee58c0
                                                      • Instruction ID: bb65eb2a2cbfd94dc339eefbacc97e39fdb9f1d76f1bf7ba27bc1bf2ed6246b6
                                                      • Opcode Fuzzy Hash: b7ccd67826e3117a7a615f15bafd4d5d55f6c78ce257487f9b5984b233ee58c0
                                                      • Instruction Fuzzy Hash: 1341D2B0D00359DFDB14CF9AD888A9EFBB1FF48710F20852AE419AB254DB745945CF90
                                                      Function 05C9AE38 Relevance: .1, Instructions: 89COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 63f35d729a9037eb311169eb6216656caf590ec5f8e13d796b2b93655641693b
                                                      • Instruction ID: 1142f96812f8411df8e4a98303ba5d12970df93bbee5cfea8fd875daa26bbc35
                                                      • Opcode Fuzzy Hash: 63f35d729a9037eb311169eb6216656caf590ec5f8e13d796b2b93655641693b
                                                      • Instruction Fuzzy Hash: 6D31AE743002159FDB08AB79C818B6E7AE7EBC8700F10846DE506AB3A5DE799C018B95
                                                      Function 05C983C6 Relevance: .1, Instructions: 88COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ba3d1318f662d1bcad90b5178b1e6b55f4b65331e7662aea5ae5fc0a641c703
                                                      • Instruction ID: bfe25eb830a48ad7a918e2a356dec75644566fd7c568954c80242800c37ce213
                                                      • Opcode Fuzzy Hash: 6ba3d1318f662d1bcad90b5178b1e6b55f4b65331e7662aea5ae5fc0a641c703
                                                      • Instruction Fuzzy Hash: 78314875B141148FDB04DB69C898EADBBF6FF4A700F5404A9E502EB2A2CB75DD40CB50
                                                      Function 05C9C940 Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5dcf43494571642ef52889535fa413e9c0a31132531cab5d10d53be172d51310
                                                      • Instruction ID: 2966838ab2f12e8eaf8c64710078127906a20739883e4ea982b9e55c267e149e
                                                      • Opcode Fuzzy Hash: 5dcf43494571642ef52889535fa413e9c0a31132531cab5d10d53be172d51310
                                                      • Instruction Fuzzy Hash: A5318F75A00208ABDF049FA8D858AEE7BF6EB8C714F058519E902B7390CB715C00DF94
                                                      Function 05C98580 Relevance: .1, Instructions: 84COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 779d740bf9ad368e692797341b1e38c91b4f936adc2ccd51697dab6d13aa67d4
                                                      • Instruction ID: d7d0b7fdd46843e8222119396eb6dbcb8e9b91a848ca4d7dbf7a0383a0702f6f
                                                      • Opcode Fuzzy Hash: 779d740bf9ad368e692797341b1e38c91b4f936adc2ccd51697dab6d13aa67d4
                                                      • Instruction Fuzzy Hash: EC31B174600209DFDB049F71E918BAE7BB7FB84305F108428E606AB3A5DF394D40CBA1
                                                      Function 05C9C5DC Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27ce19e7b43896b70e8d223117995e4fec014d7dfdbf45c0ce02e1332d1bddf4
                                                      • Instruction ID: 5bb4949a67b196b90854d3134f924100e10858f47f642f7636614658c9f4395b
                                                      • Opcode Fuzzy Hash: 27ce19e7b43896b70e8d223117995e4fec014d7dfdbf45c0ce02e1332d1bddf4
                                                      • Instruction Fuzzy Hash: 0231D1B6901249DFCF14CF99D884ADEBBF5FB48320F10842AE919A7310D775A951CFA0
                                                      Function 05C9D29B Relevance: .1, Instructions: 78COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f83f4e870ce3e74990b2ffbc1b6ff46a31d81c73474af503b0510e5597a4b65a
                                                      • Instruction ID: 570e8fb6a314fd60047d4cc5f24ce1c144bfb6662865c4b3194510752badab97
                                                      • Opcode Fuzzy Hash: f83f4e870ce3e74990b2ffbc1b6ff46a31d81c73474af503b0510e5597a4b65a
                                                      • Instruction Fuzzy Hash: AC21A17050839A8FCF01CF69D8945AF7FB5FF46201B1888A7E805EB256E7389D05C762
                                                      Function 0162D6A0 Relevance: .1, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2490965218.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 339523368da95902cc9006cc1ddd279c08f0a85ab506e1a7bd55a328cf63e3e8
                                                      • Instruction ID: 56d8f0c603779acadecab5e2c6620bba36108cc57297d86f80ed40e69bd48fad
                                                      • Opcode Fuzzy Hash: 339523368da95902cc9006cc1ddd279c08f0a85ab506e1a7bd55a328cf63e3e8
                                                      • Instruction Fuzzy Hash: 96213676100690EFDF05DF44DDC0B26BFA2FB88314F248269E9090B256C33AD412CFA1
                                                      Function 05C9628C Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b980a443f312c923409ff3476ee8b90f8ecb89287f18b5308997d8b65efa310
                                                      • Instruction ID: 21416bca037de21fdb6a23038aa009a1910db435ccfe7f7bf3939e0c520c1c30
                                                      • Opcode Fuzzy Hash: 2b980a443f312c923409ff3476ee8b90f8ecb89287f18b5308997d8b65efa310
                                                      • Instruction Fuzzy Hash: C0219575A0021A8FDF09DBA888549FFBBB6BF89300B14452AD505E7250EB345A41CB61
                                                      Function 0163D104 Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491024962.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_163d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: efdff289456c9b01de31436d792ce8b9edcfa35b4cec1b53ca26474ff93c5622
                                                      • Instruction ID: b784bdffb2ff1750358af6676e7337cd92ed1a24c2f3035a321c4d3e0eb2bf4a
                                                      • Opcode Fuzzy Hash: efdff289456c9b01de31436d792ce8b9edcfa35b4cec1b53ca26474ff93c5622
                                                      • Instruction Fuzzy Hash: 872122B1604244EFDB05CF58CDC0B26BBA1FBC8315F60C5ADE94A0B382C33AD846CA61
                                                      Function 0163D328 Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491024962.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_163d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 87c97029c9056315529ef529b25212e3bf24db8f67016ed8288ff5aed12ed72f
                                                      • Instruction ID: df738c1144b5db158e198fcbdfd1fc8115271aa96d6ebea721cb42d36dc5a81e
                                                      • Opcode Fuzzy Hash: 87c97029c9056315529ef529b25212e3bf24db8f67016ed8288ff5aed12ed72f
                                                      • Instruction Fuzzy Hash: 9C2134B1604244EFEB05CF58D9C0B26BBA5FBC9314F64C56DD90A4B352C37ADC46CA61
                                                      Function 0163D01C Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491024962.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_163d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 82fbe034f6c792d430dcfac4ece2f6b51401ecf9836fa6055efad7a01d06f761
                                                      • Instruction ID: bea3b6f348dbe1f4ac406d90a80bc12dcb08bf1ac943c13dc66a8adf6ca6da95
                                                      • Opcode Fuzzy Hash: 82fbe034f6c792d430dcfac4ece2f6b51401ecf9836fa6055efad7a01d06f761
                                                      • Instruction Fuzzy Hash: 682100B1604200DFDB15DF68D980B16FBA5FBC8B14F60C56DE94A0B392C33AD847CA61
                                                      Function 05C9E6B4 Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dad5a4da926dc12ba1c1d2705791872c9920c742f08309ef71c46e457b67a6f8
                                                      • Instruction ID: ef6dcf7be15e6874f6ff3bcca1320b8a6be827c21eaae02b0753bafbef9439ee
                                                      • Opcode Fuzzy Hash: dad5a4da926dc12ba1c1d2705791872c9920c742f08309ef71c46e457b67a6f8
                                                      • Instruction Fuzzy Hash: A931DDB5D00249DFCB15CF9AD884ADEBBF4FB48320F14842AE929A7310D775A940CFA4
                                                      Function 05C9CD68 Relevance: .1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75058b3874da09b711a4391ffcbc39cbe158c93c83c5ba877dd0cfe113ce479c
                                                      • Instruction ID: 2ccd287f1b90e93c863304e9974bdf34782f1f4e45d752a8bdca3ed7b883236c
                                                      • Opcode Fuzzy Hash: 75058b3874da09b711a4391ffcbc39cbe158c93c83c5ba877dd0cfe113ce479c
                                                      • Instruction Fuzzy Hash: AE216A7164C246AFCB09AF16D59C56ABFF1EB84200F518C5DE4A692288E7318835CB86
                                                      Function 05C97F30 Relevance: .1, Instructions: 68COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6dda1762750799efef680b7ef99f70089c46f5eb9640ed3ff35cb97adcf0d0de
                                                      • Instruction ID: 225a4bc25b6b0216ddc6cb9f76fb7c8d71daf978c44217df4ec75b0d7601cb9d
                                                      • Opcode Fuzzy Hash: 6dda1762750799efef680b7ef99f70089c46f5eb9640ed3ff35cb97adcf0d0de
                                                      • Instruction Fuzzy Hash: 4B1108363145114B4F2EE67AA18C87E37E3EBC51A13184C6AE14ECB640FE24D8436350
                                                      Function 05C9E6F8 Relevance: .1, Instructions: 67COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c164d83f3ff268dbb706e6a2574eefecf2e4b701a7ee7683a1ea24730bfe293b
                                                      • Instruction ID: 9c009bfc6b570fccd5d4201c6f3c0aadc263066a127210a4af375fe4ff63bb3f
                                                      • Opcode Fuzzy Hash: c164d83f3ff268dbb706e6a2574eefecf2e4b701a7ee7683a1ea24730bfe293b
                                                      • Instruction Fuzzy Hash: 8B11083230460587EB159A6EEC8876AB3E7FBC8310F548C3DD119CB659CA78984587A4
                                                      Function 05C9E8F0 Relevance: .1, Instructions: 66COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16a0a1cc7149ec2d3d38a046e293c5d2c6e4bab36fa52d864750484952cc5711
                                                      • Instruction ID: 7f17039e2722039e99aa95b45de948fa4763a298968eaf94704e5c88ecc6b5c5
                                                      • Opcode Fuzzy Hash: 16a0a1cc7149ec2d3d38a046e293c5d2c6e4bab36fa52d864750484952cc5711
                                                      • Instruction Fuzzy Hash: 7011BE71B11159DBDF05AFA4D40DAAF7F7AEBD4700F210C2AE48563249EA318930CBE2
                                                      Function 05C9E900 Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ce1752d29b1942b32fce260178e5459a778980b48b2873f1792e98be92bf0665
                                                      • Instruction ID: 4c2cc208a7cb103ed834fe09956201d9054ce49912988352d67031fd86ad315d
                                                      • Opcode Fuzzy Hash: ce1752d29b1942b32fce260178e5459a778980b48b2873f1792e98be92bf0665
                                                      • Instruction Fuzzy Hash: B9116D71B11119DBDF04AFA8D40D6AFBFBAEBD4710F210C29E44562245EB318931CBE2
                                                      Function 05C9B495 Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 81877be17285a952f2ab244912d5b26f4c2e30aa63c311fdad1e6bc478430d9b
                                                      • Instruction ID: 33f61a74c22a0a7a73a685c4761182e438f2900295c009bb6cbc145d4f9995b6
                                                      • Opcode Fuzzy Hash: 81877be17285a952f2ab244912d5b26f4c2e30aa63c311fdad1e6bc478430d9b
                                                      • Instruction Fuzzy Hash: 0F1106303443129BEB056669986479A7B9AEF95318F10885FD1858F2C2CEFA5C8647B2
                                                      Function 0162D69B Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2490965218.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 463381744946a27950a76635d9dc25d9426975556cca9b202a53a64aa02aee6e
                                                      • Instruction ID: b0bf86ceab9febf117bb2a9f20a2da9d4f3954ea856c5b023021c0ca8ae65130
                                                      • Opcode Fuzzy Hash: 463381744946a27950a76635d9dc25d9426975556cca9b202a53a64aa02aee6e
                                                      • Instruction Fuzzy Hash: 9821AC76404280DFCB06CF44D9C4B26BFB2FB88314F2486A9D9480B256C33AD426CFA2
                                                      Function 05C9B062 Relevance: .1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4194c95634ec10922daa32f4fa63bbd931ecb2f6a980938f93dc07409e64a788
                                                      • Instruction ID: bed1527fe6097b590417731199b5b84f38dc1bdb504b972f7a8d316165e2e8ce
                                                      • Opcode Fuzzy Hash: 4194c95634ec10922daa32f4fa63bbd931ecb2f6a980938f93dc07409e64a788
                                                      • Instruction Fuzzy Hash: 8111C636A0025A9FCF05CBA0C8509DABB76FF89300F454566E2017B210EB359555CBA1
                                                      Function 05C9B8E8 Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 809c7dd6f072409c5f969bdb1c38fa2327a805d8a019aa753cda05ee92912c3f
                                                      • Instruction ID: 4a15383fa5c1845742bbfe16b1f3403f1dde9c800523ec4b83b28e28583194fb
                                                      • Opcode Fuzzy Hash: 809c7dd6f072409c5f969bdb1c38fa2327a805d8a019aa753cda05ee92912c3f
                                                      • Instruction Fuzzy Hash: 2A019B7531450A9FD7059B25F444A7973E7EBC4654704893AD109CB740EB34ED058BE1
                                                      Function 0163D323 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491024962.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_163d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ccfe305154e95a536d18b49939e535c9c69fd109e9eb5688aea898868e671a0
                                                      • Instruction ID: 833d0ab0eb3e9d1b100aebb46e48ca7d4f87572bffb7b25fe533b9b9fb106de7
                                                      • Opcode Fuzzy Hash: 2ccfe305154e95a536d18b49939e535c9c69fd109e9eb5688aea898868e671a0
                                                      • Instruction Fuzzy Hash: 5411BB75504284CFDB02CF58D9C4B15BBA1FB85314F24C6AAD8094B757C33AD80ACF61
                                                      Function 0163D017 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491024962.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_163d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ccfe305154e95a536d18b49939e535c9c69fd109e9eb5688aea898868e671a0
                                                      • Instruction ID: c9409e8c3497b7625c2228a7b213d574d18f800efbc3f781ef60dc5f2b5090df
                                                      • Opcode Fuzzy Hash: 2ccfe305154e95a536d18b49939e535c9c69fd109e9eb5688aea898868e671a0
                                                      • Instruction Fuzzy Hash: 0F11DD75504280CFCB12CF58D9C4B15FFA2FB88714F24C6AAD8494B796C33AD40ACBA2
                                                      Function 0163D0FF Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2491024962.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_163d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ccfe305154e95a536d18b49939e535c9c69fd109e9eb5688aea898868e671a0
                                                      • Instruction ID: 72cbbb514375d460907d5906fd383b8ce96a30824cad0f80f3e2261a7ca9b5cc
                                                      • Opcode Fuzzy Hash: 2ccfe305154e95a536d18b49939e535c9c69fd109e9eb5688aea898868e671a0
                                                      • Instruction Fuzzy Hash: C611BB75504284CFDB06CF14C9C4B15BBA2FB88214F24C6A9DC494B796C33AD44ACB61
                                                      Function 05C9B4E4 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a270524c11cc2daea871875d44dd7c6a92f3e0b791b3cfccf9c9c02704da46f6
                                                      • Instruction ID: bd4ee489fc0a85015af9d26d2d7737eddf50a665c99c8243b42d6592d25e9372
                                                      • Opcode Fuzzy Hash: a270524c11cc2daea871875d44dd7c6a92f3e0b791b3cfccf9c9c02704da46f6
                                                      • Instruction Fuzzy Hash: C4111974A00615DFCB00DFA8D884AAFBBF6FF88310F148559E959A7314D734A915CBA1
                                                      Function 05C9AFB0 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2cf5a51d261c6ff642d5aaff4e3bef6fcf6f0e94b596eb11c44568ec6fc71a3d
                                                      • Instruction ID: 96f807f3cab9a8df8f3682fda39cd023cddd3727786957474fd747b3d6396d89
                                                      • Opcode Fuzzy Hash: 2cf5a51d261c6ff642d5aaff4e3bef6fcf6f0e94b596eb11c44568ec6fc71a3d
                                                      • Instruction Fuzzy Hash: 49117C71B00155DFCF08DB69D8586EDB7F6AF88305F1408AAD506EB7A0CBB18D01CBA1
                                                      Function 05C9C890 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 054c0aa68a0e68e0cd1e85e6743b992e8b715ef50df90b0f39dd40a9fdedf813
                                                      • Instruction ID: 072e88c07dab542be4340571d181c4657240bce8a6d0ba6d4565d6a13573d779
                                                      • Opcode Fuzzy Hash: 054c0aa68a0e68e0cd1e85e6743b992e8b715ef50df90b0f39dd40a9fdedf813
                                                      • Instruction Fuzzy Hash: 69114974A00618DFCB00DFA4D884AAFFBF9FF48310F148559E999A7314D734A815CBA1
                                                      Function 05C9B4F4 Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e781e062a76b25c3b588e91bf6cff878be4faaa03b46280d4fb74725925204c4
                                                      • Instruction ID: d7243abc996eca11223b15fb94517fb46a968432897030f0ca254a504d6aa50c
                                                      • Opcode Fuzzy Hash: e781e062a76b25c3b588e91bf6cff878be4faaa03b46280d4fb74725925204c4
                                                      • Instruction Fuzzy Hash: A711D6303403129BEB04AA69D85479A76CAEF94715F10891ED1998F3C2CEFA5C864BA5
                                                      Function 05C99710 Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9e448ceaad6da4361a94216133b417456c0576d0477cc979ae024322d04f3197
                                                      • Instruction ID: 999d1a18ef98b3a595c77b2228a46770ed4752f2804a184239fa0a558b6e8772
                                                      • Opcode Fuzzy Hash: 9e448ceaad6da4361a94216133b417456c0576d0477cc979ae024322d04f3197
                                                      • Instruction Fuzzy Hash: 45018031E1021E8FDF44EFB998152EE7BB6FF86211F204529D605BB244EB301A56CBD1
                                                      Function 05C95314 Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 02f859bfe0e3d6e649d0848f34baf174382c12b64cc967a2966e0326cb3f6eb0
                                                      • Instruction ID: 1c3b6b45380492bc6dbf1ea818b15852f90f888190b706f0fca0a5c79c3f4332
                                                      • Opcode Fuzzy Hash: 02f859bfe0e3d6e649d0848f34baf174382c12b64cc967a2966e0326cb3f6eb0
                                                      • Instruction Fuzzy Hash: 1F1123B1D00608CFCB10DF9AC448ADEFBF4EB88320F10842AD419A7310D774A945CFA5
                                                      Function 05C96E80 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 17f75ddc86547411d7dfb7a8231f1bd9f08fa252d0aa61405a3e166b43eca07d
                                                      • Instruction ID: d919e27b7d516de8c90a9f60841e86be11f3b6bb6fda681aa16bcc42c48e0d3c
                                                      • Opcode Fuzzy Hash: 17f75ddc86547411d7dfb7a8231f1bd9f08fa252d0aa61405a3e166b43eca07d
                                                      • Instruction Fuzzy Hash: C80126317193186FDB08DB7998084AE7FEADB86220F0088AAE408C3241ED745D4147E5
                                                      Function 05C99B50 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c596007831a205f3edfab891545a6b05592b16b06fcb3a02a72d2ed454c81742
                                                      • Instruction ID: 9713396b9fc4068e7e0307cee99f0f64ac6e70647b80db8ac37179c07a539ebc
                                                      • Opcode Fuzzy Hash: c596007831a205f3edfab891545a6b05592b16b06fcb3a02a72d2ed454c81742
                                                      • Instruction Fuzzy Hash: EE1128B5904348DFDB20DF9AD489BDEBBF4EB48324F10841AD519A7300D374A940CFA5
                                                      Function 05C9F6E0 Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 32f9604169be3db658f82c692da0a9cdaf3e8fee41b2d5ed62d5b3812ee5b2f4
                                                      • Instruction ID: fcd9f2a4605bb56dd0e6d46d17dd9bbf4dae46b2c1608b1ac672f2c770c50ad2
                                                      • Opcode Fuzzy Hash: 32f9604169be3db658f82c692da0a9cdaf3e8fee41b2d5ed62d5b3812ee5b2f4
                                                      • Instruction Fuzzy Hash: E101DB393051559FCF1EDB3AA85897A7BBA6F8161130944DEE406CB262DB60DC43C360
                                                      Function 05C9C1B8 Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c640d415f79e755dc461ea76ee69d614444049c4018997174bfbe956c6a95a9d
                                                      • Instruction ID: 89982db6f383fcdbab1258b2974978940102a796254609c0efcae40bdf45aa0b
                                                      • Opcode Fuzzy Hash: c640d415f79e755dc461ea76ee69d614444049c4018997174bfbe956c6a95a9d
                                                      • Instruction Fuzzy Hash: EE114E703403119BE7006B28D81479A76CBDF94315F10C91ED1998F3C2CFFA5C864BA1
                                                      Function 05C96803 Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 898a9a1a8c628ae7cbd75e9c9c1a871ed670b6e85c00c9c5d606d0264256ce8f
                                                      • Instruction ID: 2295c82aa3a04624bd0e98d9df7ae8ae609231f2ec671714a06d4339e358ba0a
                                                      • Opcode Fuzzy Hash: 898a9a1a8c628ae7cbd75e9c9c1a871ed670b6e85c00c9c5d606d0264256ce8f
                                                      • Instruction Fuzzy Hash: 9C11F0B1C006488FCB10DFAAD848A9EFBF8EB88320F14841AD419A7310D778A945CFA5
                                                      Function 05C97714 Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3f292a299cb4b45e98c525e5feffe51335473a449ed2376386898c213fef1f6
                                                      • Instruction ID: de92a755e90bbf5d540b6cf73a88daabc46b875e7181495bd0499b1f981bbe5e
                                                      • Opcode Fuzzy Hash: a3f292a299cb4b45e98c525e5feffe51335473a449ed2376386898c213fef1f6
                                                      • Instruction Fuzzy Hash: D91136B1900348CFCB20DF9AC448B9EFBF4EB48320F10841AD519A7300C774A944CFA5
                                                      Function 05C976E8 Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1a06afa9a0f2cd7e694fca763dc463b9cfcfde0e2600a6abe210507d3b98494f
                                                      • Instruction ID: cc5eba6b47ecbb232f1f40f0eaf5193508faa314aea9639871622d8531852f8b
                                                      • Opcode Fuzzy Hash: 1a06afa9a0f2cd7e694fca763dc463b9cfcfde0e2600a6abe210507d3b98494f
                                                      • Instruction Fuzzy Hash: 0C1133B1900348CFCB20DF9AC489B9EFBF4EB48320F10881AD919A7300C378A944CFA5
                                                      Function 05C97C91 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fafdf3a0ec0505930dd50c08b64aac30720ae1eff5ea78c2e1d78501c940212b
                                                      • Instruction ID: 6ccab85d1fc2255543c17c7fd62fc91aefd206c0ec38d2c21a44477aa3828e3c
                                                      • Opcode Fuzzy Hash: fafdf3a0ec0505930dd50c08b64aac30720ae1eff5ea78c2e1d78501c940212b
                                                      • Instruction Fuzzy Hash: 9C11F2B6900248CFCB20DF9AD489B9EBBF4EB48320F10841AD959A7300D779A944CFA5
                                                      Function 05C9F3C0 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e2fd71968720a280707a2368af4c6ffaea16b1fe2b5a4dc9888f1f4fae57794b
                                                      • Instruction ID: 4e3f1106f21065e5668852c75b3c0bcc19b725155ca0f62c93cfd99c92128803
                                                      • Opcode Fuzzy Hash: e2fd71968720a280707a2368af4c6ffaea16b1fe2b5a4dc9888f1f4fae57794b
                                                      • Instruction Fuzzy Hash: 26017B323086054BDB259B6EDC8475AB7E7FFC5210F18887DD058CB2AAC97888058760
                                                      Function 05C99357 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 331578b568f31ba368a4dd3242b019a108411df1a2faaec3307619c2361b3d04
                                                      • Instruction ID: ae3738346d35e92dbc895540d04bf2e496603ea0ad04612d7a22ca8d702f1f24
                                                      • Opcode Fuzzy Hash: 331578b568f31ba368a4dd3242b019a108411df1a2faaec3307619c2361b3d04
                                                      • Instruction Fuzzy Hash: 97015A35A012189FCF54DF69D9487AEBBF6FF88610F14893A951AE3240EB318A15CB90
                                                      Function 0162D845 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2490965218.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 29321278c20a8071a0a3aca16d5726cf703daa752a9227d55f1746d1911af838
                                                      • Instruction ID: 8df7c6e44b872fb335f5334a7a83f9b9803d0171d284da9476cfb048f6333abf
                                                      • Opcode Fuzzy Hash: 29321278c20a8071a0a3aca16d5726cf703daa752a9227d55f1746d1911af838
                                                      • Instruction Fuzzy Hash: 22014731508750DAE7108F5ACC84726FF98DF81330F08C15AEE0D0A286C3BC9801CEB2
                                                      Function 05C9E728 Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5765ecd69d2ba0dbd29abdee5c6bb16a3b20dae1a3cfc39c8b3488c4fa90b3cf
                                                      • Instruction ID: f10d68e3caf9fb771ef0c6a08ff01a75c4e910b4e188341b9c56b189ee607eb0
                                                      • Opcode Fuzzy Hash: 5765ecd69d2ba0dbd29abdee5c6bb16a3b20dae1a3cfc39c8b3488c4fa90b3cf
                                                      • Instruction Fuzzy Hash: 30F0C2383151259BDB1DEA3A989C93A37EEAF84A10304086DE406CB271DFA0DC828364
                                                      Function 05C9B990 Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e17dbc220935f1a60c6b08737bd1ef77d844d4486dc7d394ba21b17dc207b5d
                                                      • Instruction ID: 4dc80338db79f12969d099e807d47c4cbf9ea54d38985ef0b600dff011e7f603
                                                      • Opcode Fuzzy Hash: 2e17dbc220935f1a60c6b08737bd1ef77d844d4486dc7d394ba21b17dc207b5d
                                                      • Instruction Fuzzy Hash: AFF03136B101199B8B01DBA9F8049EE77F9EB88266B044477E619D3200EB349A158BD1
                                                      Function 05C98330 Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9d734a21ab349f4fe5877455702861088f536db47d399d11a6d47a89eea03a95
                                                      • Instruction ID: c45416e97b291ef3caf7ed97daa5e8ff89d1d98c83812ba159ed63c097df1314
                                                      • Opcode Fuzzy Hash: 9d734a21ab349f4fe5877455702861088f536db47d399d11a6d47a89eea03a95
                                                      • Instruction Fuzzy Hash: 3A015A70A18258AFCB18DA69D884EDEBFF5FF4A210F148469E511E7351E67599008B50
                                                      Function 05C99E7A Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e3743aca6bbc703ad6a4018b4173ddbdc2a47e885bc0285583d789982541e668
                                                      • Instruction ID: 972d6a7e0f865ff55d1eede66c2c62d9d0eb648d2bbacaab904b2853dcca291e
                                                      • Opcode Fuzzy Hash: e3743aca6bbc703ad6a4018b4173ddbdc2a47e885bc0285583d789982541e668
                                                      • Instruction Fuzzy Hash: 19015E75A05219CFDF14CFA4D919BE9BBB1FB08715F14085DE906AB241D7759A80CB80
                                                      Function 05C9BE20 Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b111aa15c55a0af9cb143cafd9fdcc6748dd1cdf7e63a7947b486b30daa79829
                                                      • Instruction ID: 5cf7a303ffe43ec4dd08d9869656fcb3bb3983db5470fb30a14f390eddc7d786
                                                      • Opcode Fuzzy Hash: b111aa15c55a0af9cb143cafd9fdcc6748dd1cdf7e63a7947b486b30daa79829
                                                      • Instruction Fuzzy Hash: 32F096713041116FDB189A19BC48F7B77ABFBC9514F10496DF109D7394DB649C018764
                                                      Function 05C96EE3 Relevance: .0, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0ade1d6a2ca5974d20291bc91c184aff1b71218979da7f109e4621c4eaa534c
                                                      • Instruction ID: ecac15c93ce7a4b6aa8f710a5b7590f26f2da8577a128342d82293be7881acdf
                                                      • Opcode Fuzzy Hash: f0ade1d6a2ca5974d20291bc91c184aff1b71218979da7f109e4621c4eaa534c
                                                      • Instruction Fuzzy Hash: 4AF0FC75B001149BCF0AEBA8A8596BEB7B6FF88510F100828D605AB380CF700A11D7D6
                                                      Function 05C98C50 Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8cdc0d27df41b41d37a2b2bff441651bb8315696106e667894bfac2c3cd83a3
                                                      • Instruction ID: bf1d0f0976361e5eff8fb47bfbc613c871e3381bf704812390adf7f756d08150
                                                      • Opcode Fuzzy Hash: d8cdc0d27df41b41d37a2b2bff441651bb8315696106e667894bfac2c3cd83a3
                                                      • Instruction Fuzzy Hash: B901627490124EDFCB04EFB8ED4959D7FB2FB89200B1045A9D505D7340EB395E05CB66
                                                      Function 0162D844 Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2490965218.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 150a2279cb6a45d8a1fea226b8259cab6ba2277c3ddf7d8a4ed2b17657367cbd
                                                      • Instruction ID: 94c8554b7e7fef2b79b45c59d82447e009ff14eda0f0e958c096f8f99254b4fc
                                                      • Opcode Fuzzy Hash: 150a2279cb6a45d8a1fea226b8259cab6ba2277c3ddf7d8a4ed2b17657367cbd
                                                      • Instruction Fuzzy Hash: 35F0C2724083549AE7108F0ACC84B62FF98EB81734F18C05AEE085B287C3799844CAB1
                                                      Function 05C9EF2B Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c6a312648aceee9b5e44b7a149d0a1d73bfd6aa11a1c07788452cf835b4ea2c
                                                      • Instruction ID: d2ccba099db76341cb68cd96b0f6996e957873e9ef5e1f4badd74abb69dd7d23
                                                      • Opcode Fuzzy Hash: 0c6a312648aceee9b5e44b7a149d0a1d73bfd6aa11a1c07788452cf835b4ea2c
                                                      • Instruction Fuzzy Hash: 58F0373151B248AFD7013E64A94596B7F74EB41300F054DDAFCC11A05ADA709539D7B7
                                                      Function 05C98E40 Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ba4ac37c49ef49acd2acf4dffa01533c7e955de93b48525f9c69e86ddf846219
                                                      • Instruction ID: d8717fe3ab18b56e59f75181ec1249fb1425bbea207947679412e1199fbfd630
                                                      • Opcode Fuzzy Hash: ba4ac37c49ef49acd2acf4dffa01533c7e955de93b48525f9c69e86ddf846219
                                                      • Instruction Fuzzy Hash: 6EF054353002059FC714EF28E844D9A3FAAEBC53957114469F6049F221DF759C45CB90
                                                      Function 05C984B0 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 690e58ef6b6bbd39841e3412b185309be92e4bc5543a559e09a9da662d111719
                                                      • Instruction ID: 8c1c078a273e15621127cd05902297ccc6608a6a4d21586e5ff743545d8536f9
                                                      • Opcode Fuzzy Hash: 690e58ef6b6bbd39841e3412b185309be92e4bc5543a559e09a9da662d111719
                                                      • Instruction Fuzzy Hash: 9BF030363145549FCB15DB2DC848D597BE9EF8AA2171640FAF109CB372DA71DC01CB50
                                                      Function 05C98C60 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4145d265c09a265cb9c928f2f0715705699132c731da549d00512e899a9f057d
                                                      • Instruction ID: 78da61206d0007916b67e67d3e446002a85b83c4556e0a6cbedec261942561ad
                                                      • Opcode Fuzzy Hash: 4145d265c09a265cb9c928f2f0715705699132c731da549d00512e899a9f057d
                                                      • Instruction Fuzzy Hash: 23F04F74A0120ADFCB00EFB9E94945DBFB2FB89200B5045BDD506A7344EF395E04DB65
                                                      Function 05C9C2C0 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 669b8ba61bcd3b99dba8c026d8dcd95cd3089d96cab7d1ceeac68f4055e94e31
                                                      • Instruction ID: 79c831ca3795637395eb92b1d09a0ac1fb19ad143fe5cc502c3103bd6014f4c4
                                                      • Opcode Fuzzy Hash: 669b8ba61bcd3b99dba8c026d8dcd95cd3089d96cab7d1ceeac68f4055e94e31
                                                      • Instruction Fuzzy Hash: 35F0F8B16147458FEF18CF2DD4829A57BE6FB042587240D6EE41ACF302E762ED038B94
                                                      Function 05C9A8A8 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b97629fcb8f8491138e4c646b327a778d263f9b4009617f186ebb269b9b4cacb
                                                      • Instruction ID: 90d3d2b3f16e380aece545f856e58d6cfd4f96f12cf6261a476c764eb421bb93
                                                      • Opcode Fuzzy Hash: b97629fcb8f8491138e4c646b327a778d263f9b4009617f186ebb269b9b4cacb
                                                      • Instruction Fuzzy Hash: 54E0D83930022427D7105269AC16B6EB7EEDBCAA51F14446EF605DB3C1DEA5EC0747E4
                                                      Function 05C98E50 Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e9986b2662d8f48e852dee93369bd89c739e1d71be21a3391f263094dc93036
                                                      • Instruction ID: 47b976473eb1ded95263c9d176e7a04ae853f04d2635a4fcdaa3a71e1dbacf86
                                                      • Opcode Fuzzy Hash: 0e9986b2662d8f48e852dee93369bd89c739e1d71be21a3391f263094dc93036
                                                      • Instruction Fuzzy Hash: F0F03039300216DBC714AF69D854CAE3BAAEFC63953104479F6089B220DAB99C41CB90
                                                      Function 05C9BE47 Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 907e89d4d7685b773e144f23da2096c368ffd342ad02f287a8f3ecc05ee6ace0
                                                      • Instruction ID: b37739573b7095975ebc2580efdafc2691af1fab4dd39df8f81135f8effb5604
                                                      • Opcode Fuzzy Hash: 907e89d4d7685b773e144f23da2096c368ffd342ad02f287a8f3ecc05ee6ace0
                                                      • Instruction Fuzzy Hash: F6E0DF703042106BEE089629FC4CF3B33AFEBC4919F10486DF60ACB3A0DE60EC008690
                                                      Function 05C984C0 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                      • Instruction ID: dffa2bccec095f4847998b01f266d3036b9872ada58d2db793d8c11c9c1d0365
                                                      • Opcode Fuzzy Hash: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                      • Instruction Fuzzy Hash: 83E0E5353604148FCB58DB2ED848D55B7E9EF8AA2131640BAF209CB372DE61EC01CB90
                                                      Function 05C9A8B8 Relevance: .0, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 29b87b7d31b745a2911ca4ad4e1daced4a951c3978f16fc1c0f4062fce186352
                                                      • Instruction ID: 9781b7b6346efa65451d46390af1f69a2a382b7df1dcdfdde544112f3df6191c
                                                      • Opcode Fuzzy Hash: 29b87b7d31b745a2911ca4ad4e1daced4a951c3978f16fc1c0f4062fce186352
                                                      • Instruction Fuzzy Hash: 28E0863570012027C71051699C11B6A77DED7CAA51F24406AE609DF3C0DDA6EC0247E8
                                                      Function 05C9F820 Relevance: .0, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3c3c2f3274b34198997b8221a1c4b45ee729ecc59deacc1ef4f1fd507e57aa59
                                                      • Instruction ID: b53067235ac9cc0e4e95c41d595ec695d02c76e943b329a78e70e1d1bd73408b
                                                      • Opcode Fuzzy Hash: 3c3c2f3274b34198997b8221a1c4b45ee729ecc59deacc1ef4f1fd507e57aa59
                                                      • Instruction Fuzzy Hash: CCE0CD30956244DFC74ADB54D4557F9BF34EF43200F501ECAD04597151C6341F55D759
                                                      Function 05C9E530 Relevance: .0, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5db92bc66514dee4bf3068eb8de6ddbdbeb796e662da7c91afd0ab0479539c94
                                                      • Instruction ID: df6ad90d9aceb15b7c794a0e1dedc21154592600c8802aa64e1b3c2331b2bee9
                                                      • Opcode Fuzzy Hash: 5db92bc66514dee4bf3068eb8de6ddbdbeb796e662da7c91afd0ab0479539c94
                                                      • Instruction Fuzzy Hash: 75E04F7151A10CDFDB007EADA54956A7F74EB00310F044CA5F8C52514CD670D038EAAB
                                                      Function 05C9C2B0 Relevance: .0, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f330d12f2d771639d5e783b79aba4bdcba94dcf6e5146ae187f6397eeee23c5
                                                      • Instruction ID: 6d43bc390f5093cf8f2cb89a6fb5b58a13784ff2c979e3a6360d09547127763c
                                                      • Opcode Fuzzy Hash: 2f330d12f2d771639d5e783b79aba4bdcba94dcf6e5146ae187f6397eeee23c5
                                                      • Instruction Fuzzy Hash: 01E0DF702002058FDF18CF6DE9866AA3BE2FB04318B140A2EE006DF700E761DD038B80
                                                      Function 05C98DF8 Relevance: .0, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fe1fab5ede905d40f7561cfa30d44c42371d6efc3760e3a5d1416587be5d1f14
                                                      • Instruction ID: 8616177f67689983e67a238ef349ae34880d46533f9d0182d1f458e7c16aae6b
                                                      • Opcode Fuzzy Hash: fe1fab5ede905d40f7561cfa30d44c42371d6efc3760e3a5d1416587be5d1f14
                                                      • Instruction Fuzzy Hash: E9F01535D0420CAFCB01DBA4D8488DDBFB9FB09200B1041EAE805E3241EA311B49CF91
                                                      Function 05C97246 Relevance: .0, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8349874d36095c81f40cdeb22bb1a5d6e99eb254e7c4e64e4d5c91c2dedb649a
                                                      • Instruction ID: 68ed0e6ebd0a963eba77addcf2625c425e978b40bc7b48e7d7e7518bf0dd7ee9
                                                      • Opcode Fuzzy Hash: 8349874d36095c81f40cdeb22bb1a5d6e99eb254e7c4e64e4d5c91c2dedb649a
                                                      • Instruction Fuzzy Hash: 72E04F7597121DDBDF199B81E60CBFDFBF1FB8A25AF200822E126B1940C7710650CBA0
                                                      Function 05C99F67 Relevance: .0, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d2f10db640c3a693252cc0e6e095437c5aa4706702ad2da3bd3d91c674678637
                                                      • Instruction ID: 10dc294346f2ade3b8ede2ce44d179a95413a54fd1a5bc5455a3052501a7e466
                                                      • Opcode Fuzzy Hash: d2f10db640c3a693252cc0e6e095437c5aa4706702ad2da3bd3d91c674678637
                                                      • Instruction Fuzzy Hash: B9E0C2F69047138BCF248E39F8463857362DFA0360F044B3882568E6E0EB75D6038AC1
                                                      Function 05C9B4D4 Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1571872ddb9d08c461b3dac1d364b0405eb111a6e46dad47d2dc59f5d487f060
                                                      • Instruction ID: 2a9e30fa1072a3a8a4f99a796d293dbe876309b76873a229710cdb4bb37cf00a
                                                      • Opcode Fuzzy Hash: 1571872ddb9d08c461b3dac1d364b0405eb111a6e46dad47d2dc59f5d487f060
                                                      • Instruction Fuzzy Hash: CDE0C23134821467D70D6A1E64547EA76CECFC9300F04846FE5098B341CDA18C0002D9
                                                      Function 05C9C4F4 Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14cea12e876e3aecbbc1216a736d612bee409dcfc80ebfbb4b95b3f174ab303d
                                                      • Instruction ID: bde4cf3b7eedbc8c328adbb035010832ba29d8bab3b488e0f3e9fea4afd22de4
                                                      • Opcode Fuzzy Hash: 14cea12e876e3aecbbc1216a736d612bee409dcfc80ebfbb4b95b3f174ab303d
                                                      • Instruction Fuzzy Hash: EAE07232380209B3CB01AA0ADC44FCA7B86DB88324F10CC08F2081E091D2B3A80683CA
                                                      Function 05C9430C Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4c48b140b4ecabf512700a3d5b38d00cfee2c1dd70350e61fdd1c6f95d878252
                                                      • Instruction ID: 7ac609b8c6d279f23fa475e5a5c4586569f66f4330819d0542f387c83e87eb5e
                                                      • Opcode Fuzzy Hash: 4c48b140b4ecabf512700a3d5b38d00cfee2c1dd70350e61fdd1c6f95d878252
                                                      • Instruction Fuzzy Hash: 6BE012713551159FCB08BB3DE85842E37D9DF896153100D69A106CB321DD36EC0187D5
                                                      Function 05C9BDE0 Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 96cbe69e0ffa124e56732c27c1b802cf545196c9c5c04dc3546e416ab239b720
                                                      • Instruction ID: f8c3d71657e062c5e4dccd185b5c5a5a0e2828dd4fec241ffb1841eedae7e4be
                                                      • Opcode Fuzzy Hash: 96cbe69e0ffa124e56732c27c1b802cf545196c9c5c04dc3546e416ab239b720
                                                      • Instruction Fuzzy Hash: 2AE0ECB13411258FCB59AF78E81866A3BE6AB9922572105A9E105CB371DF26CC428B80
                                                      Function 05C9CEC7 Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1147357588bb72fe8fb405e9c1b6028cd1e797b3cf59d6cc53b8e50995d7e87d
                                                      • Instruction ID: 3098770669748f817884ddf2ae81723877631cd34b95c072a510b1f6e27ffee8
                                                      • Opcode Fuzzy Hash: 1147357588bb72fe8fb405e9c1b6028cd1e797b3cf59d6cc53b8e50995d7e87d
                                                      • Instruction Fuzzy Hash: 64E0CD73241115BBEB019B48EC41FC47B91EB54374F18C555F1085F5A1C3BB9857C784
                                                      Function 05C9856F Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c904826f0918ff8765cf0580ea300464fd92d68d4ba7de0177f0a7d6a3333bbf
                                                      • Instruction ID: ec2b439f3713adeb272f8debab3432b2482cb678d74c431069ef44b56d93d52f
                                                      • Opcode Fuzzy Hash: c904826f0918ff8765cf0580ea300464fd92d68d4ba7de0177f0a7d6a3333bbf
                                                      • Instruction Fuzzy Hash: 43E0DF3900030ACFE701AF25E808A493BA6FB80305F81C9A4D6040F1A2EB3D9E85CFB1
                                                      Function 05C9CF08 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c140f6da55d9331324001247c7539d7b3b037dd8c01e740e86c31636311d2f22
                                                      • Instruction ID: 431f51423462b654457b7b71befe3882623893dc0b9ac2cfba3eb5d07387f64f
                                                      • Opcode Fuzzy Hash: c140f6da55d9331324001247c7539d7b3b037dd8c01e740e86c31636311d2f22
                                                      • Instruction Fuzzy Hash: A2D05B71505108A9D7017FB5D40FB557F64A700250F005559F48516551E7719638D7F7
                                                      Function 05C9BDB0 Relevance: .0, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d4625d05e346c318527010b5011b589a69506a20a9d02a59005a9d0a725d7841
                                                      • Instruction ID: dfe55cb2b58dd4b57bd53b2688d341415ebf8825e9ac12f05716103ab9fd8be5
                                                      • Opcode Fuzzy Hash: d4625d05e346c318527010b5011b589a69506a20a9d02a59005a9d0a725d7841
                                                      • Instruction Fuzzy Hash: 91D02E713052A0ABCB0D6BB828183697B9D6B83248F5888AEE0000B302CA2398428395
                                                      Function 05C9C504 Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ef7a42ffe3c52b59d706e06647d7339e6a479ed309a95663ff02bdc014640202
                                                      • Instruction ID: 1166714fbf5a11bed6d7579fcb1007cdf137b33a900e6d73cf6a70ab3c7a2864
                                                      • Opcode Fuzzy Hash: ef7a42ffe3c52b59d706e06647d7339e6a479ed309a95663ff02bdc014640202
                                                      • Instruction Fuzzy Hash: A0D0A731549008FACF003EA9544D9297F65EB04300F009C56F5852A0409B70DA38E7F7
                                                      Function 05C9F830 Relevance: .0, Instructions: 17COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b435ecbe98d8a8abef4850930124d97994b2c4eeddc029b0e8eb60777db8bdae
                                                      • Instruction ID: 1f4bd45e61df150df3f9a64b2f75dbf166b00a1e160b053af5a312da2929b8ba
                                                      • Opcode Fuzzy Hash: b435ecbe98d8a8abef4850930124d97994b2c4eeddc029b0e8eb60777db8bdae
                                                      • Instruction Fuzzy Hash: 71D0C730D6510CDBC644EA94945976DB76CEB02614F501C59940567140D9715A44D559
                                                      Function 05C9BDC0 Relevance: .0, Instructions: 15COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 546370f1c3e50b6decd71cca56bdc4547a71c42e1f0e09f9d5cfff1c60c3c67f
                                                      • Instruction ID: a62ce6a2bd9157c5fe64ecd197de10392c88a62b17e38358eb73d3cf331b1ce8
                                                      • Opcode Fuzzy Hash: 546370f1c3e50b6decd71cca56bdc4547a71c42e1f0e09f9d5cfff1c60c3c67f
                                                      • Instruction Fuzzy Hash: 27D022303012206BCB0D2274141022D77896BC2210F1448AED4040B342C8239C4253C4
                                                      Function 05C9853F Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8643ecacb4cc2d8a216b1fc9280df5921bf2b187aba9d70e52675c27a518c336
                                                      • Instruction ID: fe99f2546cdb32e9cbf69afc8845199b613063918069eaf54714b81e94a0cdcc
                                                      • Opcode Fuzzy Hash: 8643ecacb4cc2d8a216b1fc9280df5921bf2b187aba9d70e52675c27a518c336
                                                      • Instruction Fuzzy Hash: 5ED022A7B0000003FB1C19E8E9883AC66C3CF94305F0C007EC20CC3780DD2A0805CB00
                                                      Function 05C9BBC8 Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 06e7c8be7a04d3367f76a68a1e762f8b4e37df64f298cb9260ffe29b81c93963
                                                      • Instruction ID: 98ba34a4b3944e34a1703fd404f7ccd815d3373e1ca724cc5d3945f4dfd82278
                                                      • Opcode Fuzzy Hash: 06e7c8be7a04d3367f76a68a1e762f8b4e37df64f298cb9260ffe29b81c93963
                                                      • Instruction Fuzzy Hash: 50D01275344A155ACB0EAB55B4187ED77DA9F88745F00846ED10D8F392CB7088514785
                                                      Function 05C98550 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 745d6913083628adf7c1eebbc01851505e39e5e17d0e16b905cbd5e9e2fa7980
                                                      • Instruction ID: 6c3ffdc818ab1e73651d1fefb35ceae796209667081d8f12fb7ee1ae8ac15326
                                                      • Opcode Fuzzy Hash: 745d6913083628adf7c1eebbc01851505e39e5e17d0e16b905cbd5e9e2fa7980
                                                      • Instruction Fuzzy Hash: EFC02B31310024038B0C31DCB40827D72DECBC9320704007BEB0DC3381CC510C0002D5
                                                      Function 05C99F90 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ea7dc2c27310c91a5dfa8b8408da07ac9cb43be7de390bc6406d23932af70bb3
                                                      • Instruction ID: 0cc7afe614f544308fe935ecba9ed51108f072fe3f42f37fe08be46c7011fb7a
                                                      • Opcode Fuzzy Hash: ea7dc2c27310c91a5dfa8b8408da07ac9cb43be7de390bc6406d23932af70bb3
                                                      • Instruction Fuzzy Hash: 26C08CF2C0060A4BC7005636F8163403A98EBB0222F044631E20A4D101E59969008295
                                                      Function 05C99FA0 Relevance: .0, Instructions: 7COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2496954217.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5c90000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4bb542c60c1d56909204b950378961eab99dddb565b191e636c31b46a971a164
                                                      • Instruction ID: 80993452b10b04a53958722c0e3498a1ad5ef523f018ca1e5fa1ec8c9382f845
                                                      • Opcode Fuzzy Hash: 4bb542c60c1d56909204b950378961eab99dddb565b191e636c31b46a971a164
                                                      • Instruction Fuzzy Hash: 8EB0127400020F8FCB006B77F5195453B2DF5803047404631E30E0A001E96C3C0086C9

                                                      Non-executed Functions

                                                      Function 0A831D17 Relevance: .3, Instructions: 272COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c005e3c8219fde58fb40e82bc47622964b1ff5ecaf2d9053f9023d77e725fffc
                                                      • Instruction ID: 596e3ae24c155b9e401ccf830b6ea36448a7baf05e81d1bdd5d05bad240311c7
                                                      • Opcode Fuzzy Hash: c005e3c8219fde58fb40e82bc47622964b1ff5ecaf2d9053f9023d77e725fffc
                                                      • Instruction Fuzzy Hash: 21D1F57581075A8ACB01EFB4C950699B7B1FFA9300F508B9AE4497B260FB746AC4CF91
                                                      Function 0A831D28 Relevance: .3, Instructions: 264COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ec406429e5d0314f861af31c84158340fd16632e835737997ced536a3a3a983b
                                                      • Instruction ID: 106ab578bcd602d22db198ad489061e16739708da315a6c33e17002a78d45974
                                                      • Opcode Fuzzy Hash: ec406429e5d0314f861af31c84158340fd16632e835737997ced536a3a3a983b
                                                      • Instruction Fuzzy Hash: FAD1F47581075A8ACB00EFB4C950699B3B1FFE9300F508B9AE4497B260FB746AC4CF91
                                                      Function 0A83785A Relevance: .1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3e066340c9ee9b17dcc6b575ec8f0fd7d8b103586c13006c95dfe1f6764677b
                                                      • Instruction ID: d6651408a727dab2d614bce21ff220cb551c7133f107e886722d46358b27585d
                                                      • Opcode Fuzzy Hash: d3e066340c9ee9b17dcc6b575ec8f0fd7d8b103586c13006c95dfe1f6764677b
                                                      • Instruction Fuzzy Hash: EC4147B5E0421A9FDB04DFA9D444BEEBBB2EB49301F118469E811F7280C778DA45CFA5
                                                      Function 0A837868 Relevance: .1, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2499129011.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a830000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0e8c3a89f223e00a5daf79551bbff57df8c87b28bd78df30d21a2b5237cdb81
                                                      • Instruction ID: d54f380c8a82996c24dc1647711c37458eeceb30fe7113ee41a54dbf2af157d9
                                                      • Opcode Fuzzy Hash: f0e8c3a89f223e00a5daf79551bbff57df8c87b28bd78df30d21a2b5237cdb81
                                                      • Instruction Fuzzy Hash: 3F3117B5E0021A8FDB04DFA9D444BEEB7B1EB49301F108469D411B7280C778EA44CFA5