Windows Analysis Report
ReanProject.exe

Overview

General Information

Sample name: ReanProject.exe
Analysis ID: 1589993
MD5: 40a341513f036e4d5a356f70db6afb15
SHA1: 2bde15455a425f52fa221577c22db34f217a69a5
SHA256: 6858bca15eed33e61fdc4be3f87a0dfe63ccab54a659de551fcb5df52af060f4
Tags: DCRat, exe, NyashTeam, user-MalHunter3
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ReanProject.exe (PID: 2104 cmdline: "C:\Users\user\Desktop\ReanProject.exe" MD5: 40A341513F036E4D5A356F70DB6AFB15)
    • WerFault.exe (PID: 7276 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 2484 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Yara matches (submitted file):
Source | Rule | Description | Author | Strings
ReanProject.exe | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Yara matches (memory dumps):
Source | Rule | Description | Author | Strings
00000000.00000002.1766438654.00000000061A0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
00000000.00000000.1245418469.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.1763191544.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: ReanProject.exe PID: 2104 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Yara matches (unpacked PEs):
Source | Rule | Description | Author | Strings
0.2.ReanProject.exe.61a0000.13.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
0.2.ReanProject.exe.43519f0.8.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
0.2.ReanProject.exe.45d1a10.9.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
0.0.ReanProject.exe.bc0000.0.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

                    AV Detection

Source: ReanProject.exe; Avira: detected
Source: http://antiloxss.usite.pro; Avira URL Cloud: Label: malware
Source: https://antiloxss.usite.pro; Avira URL Cloud: Label: malware
Source: https://antiloxss.usite.pro/STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt; Avira URL Cloud: Label: malware
Source: ReanProject.exe; ReversingLabs: Detection: 57%
Source: ReanProject.exe; Virustotal: Detection: 59%
Source: Submited Sample; Integrated Neural Analysis Model: Matched 99.9% probability
Source: ReanProject.exe; Joe Sandbox ML: detected
Source: ReanProject.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown; HTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: ReanProject.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\ReanProject.exe; Code function: 4x nop then jmp 0A814805h (0_2_0A811110)
Source: C:\Users\user\Desktop\ReanProject.exe; Code function: 4x nop then lea esp, dword ptr [ebp-08h] (0_2_0A81785B)
Source: C:\Users\user\Desktop\ReanProject.exe; Code function: 4x nop then lea esp, dword ptr [ebp-08h] (0_2_0A817868)

                    Networking

Source: Yara match; File source: 0.2.ReanProject.exe.61a0000.13.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.ReanProject.exe.43519f0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.ReanProject.exe.45d1a10.9.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000000.00000002.1766438654.00000000061A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: global traffic; TCP traffic: 192.168.2.7:59598 -> 162.159.36.2:53
Source: global traffic; HTTP traffic detected: GET /STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt HTTP/1.1; Host: antiloxss.usite.pro; Connection: Keep-Alive
Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown; TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: antiloxss.usite.pro
Source: global traffic; DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 13 Jan 2025 12:13:04 GMT; Content-Type: text/html; charset=UTF-8; Transfer-Encoding: chunked; Connection: close
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                    Source: unknownHTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.7:49701 version: TLS 1.2
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_06346A0D0_2_06346A0D
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_06343E850_2_06343E85
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_063446870_2_06344687
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_06343CFF0_2_06343CFF
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_063441550_2_06344155
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_06343BAF0_2_06343BAF
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A8166280_2_0A816628
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A819DC70_2_0A819DC7
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A811D170_2_0A811D17
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A811D280_2_0A811D28
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A81661F0_2_0A81661F
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_063409C80_2_063409C8
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 2484
                    Source: ReanProject.exeBinary or memory string: OriginalFilename vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1765856388.0000000005AF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1766438654.00000000061A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1767047389.0000000006340000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1761687707.000000000117E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763191544.000000000317B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763887635.0000000004211000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763191544.00000000030F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763887635.0000000004347000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763191544.00000000031AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763191544.00000000031AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763887635.00000000045D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs ReanProject.exe
                    Source: ReanProject.exe, 00000000.00000002.1763887635.00000000040F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs ReanProject.exe
                    Source: ReanProject.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: ReanProject.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: classification engineClassification label: mal80.troj.evad.winEXE@2/5@2/1
                    Source: C:\Users\user\Desktop\ReanProject.exeMutant created: NULL
                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2104
                    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\04335eed-3981-4e00-b4c6-0723161f74aeJump to behavior
                    Source: ReanProject.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\ReanProject.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: ReanProject.exeReversingLabs: Detection: 57%
                    Source: ReanProject.exeVirustotal: Detection: 59%
                    Source: C:\Users\user\Desktop\ReanProject.exeFile read: C:\Users\user\Desktop\ReanProject.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\ReanProject.exe "C:\Users\user\Desktop\ReanProject.exe"
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\ReanProject.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: ReanProject.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: ReanProject.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: ReanProject.exeStatic file information: File size 1593856 > 1048576
                    Source: ReanProject.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x184800
                    Source: ReanProject.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: PresentationFramework.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Xml.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: WindowsBase.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: Accessibility.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.ni.pdbRSDS source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: ReanProject.exe, 00000000.00000002.1763191544.00000000033A4000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressedlB source: ReanProject.exe, 00000000.00000002.1763191544.00000000030F1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressed source: ReanProject.exe
                    Source: Binary string: WindowsBase.ni.pdbRSDS source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: Siticone.UI.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: FontAwesome.Sharp.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Configuration.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: mscorlib.ni.pdbRSDS source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: mscorlib.pdbp source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Configuration.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb source: ReanProject.exe, 00000000.00000002.1766438654.00000000061A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763887635.0000000004347000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763887635.00000000045D1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.pdb source: ReanProject.exe, 00000000.00000002.1763191544.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Xml.ni.pdbRSDS# source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Core.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: PresentationFramework.ni.pdbRSDS source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed#fontawesome.sharpQcostura.fontawesome.sharp.dll.compressed source: ReanProject.exe
                    Source: Binary string: System.Windows.Forms.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdbBSJB source: ReanProject.exe, 00000000.00000002.1766438654.00000000061A0000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763887635.0000000004347000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763887635.00000000045D1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: PresentationCore.ni.pdbRSDS source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: WindowsBase.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Xaml.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: mscorlib.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Xaml.ni.pdbRSDSDg{V source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: C:\projects\fontawesome-sharp\FontAwesome.Sharp\obj\Release\net472\FontAwesome.Sharp.pdb source: ReanProject.exe, ReanProject.exe, 00000000.00000002.1767047389.0000000006340000.00000004.08000000.00040000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763887635.0000000004211000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763191544.00000000031AA000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763887635.00000000040F1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: PresentationCore.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Drawing.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Xaml.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: Siticone.UI.pdb(h! source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: ReanProject.exe, 00000000.00000002.1761687707.00000000011B3000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: mscorlib.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Core.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: tem.pdbD source: ReanProject.exe, 00000000.00000002.1766047841.0000000005B49000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.Xml.pdb0vV source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: ReanProject.exe
                    Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: HPzo,C:\Windows\System.pdb source: ReanProject.exe, 00000000.00000002.1761587480.00000000010F4000.00000004.00000010.00020000.00000000.sdmp
                    Source: Binary string: PresentationFramework.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: PresentationCore.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.ni.pdb source: WERA1DC.tmp.dmp.11.dr
                    Source: Binary string: System.Core.ni.pdbRSDS source: WERA1DC.tmp.dmp.11.dr

                    Data Obfuscation

                    Source: Yara matchFile source: ReanProject.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.ReanProject.exe.bc0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1245418469.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1763191544.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: ReanProject.exe PID: 2104, type: MEMORYSTR
                    Source: ReanProject.exeStatic PE information: 0xC2C59935 [Wed Jul 19 22:41:57 2073 UTC]
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_06345620 push ss; iretd 0_2_06345624
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_063EA320 push es; ret 0_2_063EA330
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_063E91CA push esp; ret 0_2_063E91D1
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_063EBD9B push eax; mov dword ptr [esp], ecx0_2_063EBDA1
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_063E5AA8 push es; ret 0_2_063E5AC0
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0909CE00 push eax; mov dword ptr [esp], edx0_2_0909CE14
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A811968 push esp; ret 0_2_0A811969
                    Source: C:\Users\user\Desktop\ReanProject.exeCode function: 0_2_0A8132E8 push eax; iretd 0_2_0A8132E9
                    Source: ReanProject.exeStatic PE information: section name: .text entropy: 7.91471800797033
                    Source: C:\Users\user\Desktop\ReanProject.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeMemory allocated: 2E60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeMemory allocated: 30F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\ReanProject.exeMemory allocated: 2E60000 memory reserve | memory write watchJump to behavior
                    Source: Amcache.hve.11.dr Binary or memory string: VMware
                    Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual USB Mouse
                    Source: Amcache.hve.11.dr Binary or memory string: vmci.syshbin
                    Source: Amcache.hve.11.dr Binary or memory string: VMware, Inc.
                    Source: Amcache.hve.11.dr Binary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.11.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.11.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.11.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.11.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.11.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: Amcache.hve.11.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.11.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: ReanProject.exe, 00000000.00000002.1766047841.0000000005B49000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: Amcache.hve.11.dr Binary or memory string: vmci.sys
                    Source: Amcache.hve.11.dr Binary or memory string: vmci.syshbin`
                    Source: Amcache.hve.11.dr Binary or memory string: \driver\vmci,\driver\pci
                    Source: Amcache.hve.11.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.11.dr Binary or memory string: VMware20,1
                    Source: Amcache.hve.11.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.11.dr Binary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: Amcache.hve.11.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: Amcache.hve.11.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: Amcache.hve.11.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.11.dr Binary or memory string: VMware PCI VMCI Bus Device
                    Source: Amcache.hve.11.dr Binary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual RAM
                    Source: Amcache.hve.11.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: Amcache.hve.11.dr Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                    Source: Amcache.hve.11.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: C:\Users\user\Desktop\ReanProject.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\ReanProject.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\ReanProject.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\ReanProject.exe Queries volume information: C:\Users\user\Desktop\ReanProject.exe VolumeInformation
                    Source: C:\Users\user\Desktop\ReanProject.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\ReanProject.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\ReanProject.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\ReanProject.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                    Source: C:\Users\user\Desktop\ReanProject.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: Amcache.hve.11.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.11.dr Binary or memory string: msmpeng.exe
                    Source: Amcache.hve.11.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.11.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                    Source: Amcache.hve.11.dr Binary or memory string: MsMpEng.exe
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| ReanProject.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
| ReanProject.exe | 60% | Virustotal | |
| ReanProject.exe | 100% | Avira | TR/Dropper.MSIL.Gen |
| ReanProject.exe | 100% | Joe Sandbox ML | |

No Antivirus matches

| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| https://top.ucoz.com/ | 0% | Avira URL Cloud | safe |
| http://foo/bar/fonts/fa-regular-400.ttf | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/Xd | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfd | 0% | Avira URL Cloud | safe |
| http://antiloxss.usite.pro | 100% | Avira URL Cloud | malware |
| https://antiloxss.usite.pro | 100% | Avira URL Cloud | malware |
| https://forum.ucoz.com/ | 0% | Avira URL Cloud | safe |
| https://www.siticoneframework.com/pricing.htmlFSoftware | 0% | Avira URL Cloud | safe |
| http://antiloxss.usite.prod | 0% | Avira URL Cloud | safe |
| https://faq.ucoz.com/ | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttf | 0% | Avira URL Cloud | safe |
| http://schemas.awesome.incremented/wpf/xaml/fontawesome.sharp | 0% | Avira URL Cloud | safe |
| https://book.ucoz.com | 0% | Avira URL Cloud | safe |
| http://foo/fonts/fa-regular-400.ttf | 0% | Avira URL Cloud | safe |
| https://www.siticoneframework.com/ | 0% | Avira URL Cloud | safe |
| http://foo/bar/fonts/fa-brands-400.ttf | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfd | 0% | Avira URL Cloud | safe |
| http://foo/fonts/fa-solid-900.ttf | 0% | Avira URL Cloud | safe |
| https://fontawesome.comhttps://fontawesome.comFont | 0% | Avira URL Cloud | safe |
| https://www.ucoz.com/tour/ | 0% | Avira URL Cloud | safe |
| http://foo/fonts/fa-solid-900.ttfd | 0% | Avira URL Cloud | safe |
| http://foo/fonts/fa-regular-400.ttfd | 0% | Avira URL Cloud | safe |
| https://www.ucoz.com/terms/ | 0% | Avira URL Cloud | safe |
| https://communitykeyv1.000webhostapp.com/Decoder4.php?string= | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttf | 0% | Avira URL Cloud | safe |
| http://foo/bar/fonts/fa-solid-900.ttf | 0% | Avira URL Cloud | safe |
| https://www.ucoz.com/pricing/ | 0% | Avira URL Cloud | safe |
| https://www.ucoz.com/privacy/ | 0% | Avira URL Cloud | safe |
| http://foo/bar/fonts/fa-solid-900.ttfd | 0% | Avira URL Cloud | safe |
| http://foo/fonts/fa-brands-400.ttfd | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/X | 0% | Avira URL Cloud | safe |
| https://antiloxss.usite.pro/STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt | 100% | Avira URL Cloud | malware |
| http://foo/bar/fonts/fa-brands-400.ttfd | 0% | Avira URL Cloud | safe |
| http://foo/bar/fonts/fa-regular-400.ttfd | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttf | 0% | Avira URL Cloud | safe |
| http://foo/fonts/fa-brands-400.ttf | 0% | Avira URL Cloud | safe |
| http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfd | 0% | Avira URL Cloud | safe |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| antiloxss.usite.pro | 193.109.246.100 | true | false | | unknown |
| 171.39.242.20.in-addr.arpa | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://antiloxss.usite.pro/STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt | false | Avira URL Cloud: malware | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation
                                        https://counter.yadro.ru/hit;counter1?rReanProject.exe, 00000000.00000002.1763191544.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763191544.00000000033A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://foo/fonts/fa-brands-400.ttfdReanProject.exe, 00000000.00000002.1763191544.000000000321D000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfReanProject.exe, 00000000.00000002.1763191544.000000000321D000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ucoz.com/register/ReanProject.exe, 00000000.00000002.1763191544.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763191544.00000000033A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://foo/bar/fonts/fa-solid-900.ttfdReanProject.exe, 00000000.00000002.1763191544.000000000327F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://www.ucoz.com/privacy/ReanProject.exe, 00000000.00000002.1763191544.00000000033A4000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763191544.00000000033A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfReanProject.exe, 00000000.00000002.1763191544.000000000327F000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763191544.000000000321D000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://defaultcontainer/FontAwesome.Sharp;component/fonts/XReanProject.exe, 00000000.00000002.1763191544.000000000327F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://foo/bar/fonts/fa-brands-400.ttfdReanProject.exe, 00000000.00000002.1763191544.000000000321D000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://foo/fonts/fa-brands-400.ttfReanProject.exe, 00000000.00000002.1763191544.000000000321D000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameReanProject.exe, 00000000.00000002.1763191544.00000000030F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://foo/bar/fonts/fa-regular-400.ttfdReanProject.exe, 00000000.00000002.1763191544.000000000321D000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfdReanProject.exe, 00000000.00000002.1763191544.000000000327F000.00000004.00000800.00020000.00000000.sdmp, ReanProject.exe, 00000000.00000002.1763191544.000000000321D000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
193.109.246.100 | antiloxss.usite.pro | Virgin Islands (BRITISH) | | 204343 | COMPUBYTE-ASRU | false
                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1589993
                                              Start date and time:2025-01-13 13:12:08 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 6m 23s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Run name:Run with higher sleep bypass
                                              Number of analysed new started processes analysed:19
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:ReanProject.exe
                                              Detection:MAL
                                              Classification:mal80.troj.evad.winEXE@2/5@2/1
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:
                                              • Successful, ratio: 92%
                                              • Number of executed functions: 175
                                              • Number of non-executed functions: 10
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 20.189.173.22, 2.23.242.162, 40.126.31.73, 13.107.246.45, 4.245.163.56, 20.242.39.171, 52.149.20.212
                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                              No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
193.109.246.100 | Iauncher.exe | malicious | RedLine |
193.109.246.100 | Iauncher.exe | malicious | RedLine |
193.109.246.100 | Undetections.exe | malicious | Vidar |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
antiloxss.usite.pro | Iauncher.exe | malicious | RedLine | 193.109.246.100
antiloxss.usite.pro | Iauncher.exe | malicious | RedLine | 193.109.246.100
Match | Associated Sample Name / URL | Detection | Threat Name | Context
COMPUBYTE-ASRU | https://u.to/W9rXIA | malicious | Unknown | 193.109.246.12
COMPUBYTE-ASRU | https://u.to/SpzbIA | malicious | Unknown | 193.109.246.12
COMPUBYTE-ASRU | LisectAVT_2403002B_38.exe | malicious | Sality | 193.109.247.16
COMPUBYTE-ASRU | Iauncher.exe | malicious | RedLine | 193.109.246.100
COMPUBYTE-ASRU | Iauncher.exe | malicious | RedLine | 193.109.246.100
COMPUBYTE-ASRU | Undetections.exe | malicious | Vidar | 193.109.246.100
COMPUBYTE-ASRU | T4IoJqcAwY.exe | malicious | Nymaim, SmokeLoader, Zealer Stealer, onlyLogger | 193.109.246.62
COMPUBYTE-ASRU | https://www.minstroy.saratov.gov.ru/communication/blog/admin-blg/1.php?pagen=12 | malicious | Unknown | 193.109.247.233
COMPUBYTE-ASRU | njw.exe | malicious | Unknown | 193.109.247.229
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | QUOTATION REQUIRED_Enatel s.r.l..bat.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 193.109.246.100
3b5074b1b5d032e5620f69f9f700ff0e | Remittance Advice.exe | malicious | MassLogger RAT | 193.109.246.100
3b5074b1b5d032e5620f69f9f700ff0e | https://email.mg.decisiontime.online/c/eJxszjFvszAQgOFfYzbQ-c4mMHj4pK_M3TqDOZdTjR1hJyj_vkqVMeujd3hXZxnHi2_Y6Qv1hohgaHifJbbhyHu75n2W5M7z7Fb2UiSnKjt3OUVJ_CqjpJ9WVoeoxwEvL62PKz9VN5szGsd5AQoLgV-oZ2_1oPuFgrWAvWnEIaAFDaM2ZGHoAsy0DGwY2VpNoAzs328fottqvRZF_xROCqeyFV_flQonDLPC6c6HhEfr8_q0v9vmcB9xlsTdl8SS0__8qQyUfKsbH6ket1K7rfgkXeLa3B3-BgAA__-9dmXG | malicious | Unknown | 193.109.246.100
3b5074b1b5d032e5620f69f9f700ff0e | https://shortener.kountryboyzbailbonds.com/orVbdaZDUTFihPy?https://go.microsoft.com/ref=?ONSKE6784f8047cd90___store=ot&url=ONSKE6784f8047cd90&utm_source=follow-up-email&utm_medium=email&utm_campaign=abandoned%20helpful%20link | malicious | Unknown | 193.109.246.100
3b5074b1b5d032e5620f69f9f700ff0e | PDF-3093900299039 pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 193.109.246.100
3b5074b1b5d032e5620f69f9f700ff0e | FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe | malicious | Snake Keylogger | 193.109.246.100
3b5074b1b5d032e5620f69f9f700ff0e | rRef6010273.exe | malicious | AgentTesla | 193.109.246.100
3b5074b1b5d032e5620f69f9f700ff0e | invnoIL438805.exe | malicious | AgentTesla | 193.109.246.100
                                                    No context
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):65536
                                                    Entropy (8bit):1.4236938781758652
                                                    Encrypted:false
                                                    SSDEEP:192:U9fVOf0BU/aauOJooG6ZrUFlReY5zuiF1Z24IO82:yfVlBU/aap23IY5zuiF1Y4IO82
                                                    MD5:085C5456BFFC9F3A3D0180F85C65D6BC
                                                    SHA1:DF9DDDFF5F32EFD4FF39198AC26DD97B339B18CC
                                                    SHA-256:61328E8CFB271A95A212AA61ED657B6EE4A60DB88E91F6922762C17D47327860
                                                    SHA-512:9CAF9BD754B6B81D61C64827E35D9AB786E2BDDAB1AFE3DE0FEB53898D8D2D9D4B5FA6DE3F00E675A3837ED16DE54F8E618302D87785E7DF13CB858353DB61A7
                                                    Malicious:true
                                                    Reputation:low
                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.1.2.4.3.9.8.6.8.9.5.0.9.4.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.1.2.4.3.9.8.8.0.0.4.4.5.6.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.0.7.2.8.5.9.3.-.4.a.d.f.-.4.d.e.d.-.b.2.d.e.-.7.8.2.8.e.6.8.c.f.f.a.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.a.2.7.d.3.e.4.-.6.9.4.3.-.4.6.6.a.-.b.c.e.4.-.9.c.0.7.7.d.a.7.8.8.a.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.e.a.n.P.r.o.j.e.c.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.a.n.P.r.o.j.e.c.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.3.8.-.0.0.0.1.-.0.0.1.4.-.d.b.5.5.-.4.4.7.e.b.4.6.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.2.f.7.4.2.a.6.4.a.a.4.d.c.d.a.0.1.a.2.e.1.8.c.8.d.6.6.e.b.9.6.0.0.0.0.0.0.0.0.!.0.0.0.0.2.b.d.e.1.5.4.5.5.a.4.2.5.f.5.2.f.a.2.2.1.5.7.7.c.2.2.d.b.3.4.f.
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Mini DuMP crash report, 15 streams, Mon Jan 13 12:13:07 2025, 0x1205a4 type
                                                    Category:dropped
                                                    Size (bytes):418414
                                                    Entropy (8bit):4.087591116730864
                                                    Encrypted:false
                                                    SSDEEP:6144:S8qyMJW72SWOe+x6Xb4zyoZV8va7CEyTgBYdYOB:Sf/JWSLOe+gXdTb
                                                    MD5:4332432A723386983AC42445330AE76D
                                                    SHA1:7A420A1B354205EAE81A652B7E31DB1B582BC10F
                                                    SHA-256:AD5CB1BC361AED1ED4A7F1A3132E2511483158C690D97BDED772C6A9DF03799F
                                                    SHA-512:475CB1AB88783FA53252C9DBC7BA09A74BD10EA2849A06CD766B76E57D4A68E2F364EB44F53FA08AD00A42654813EFEE44C5BAB8F52982135D3481530F8EF8DB
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):8400
                                                    Entropy (8bit):3.696000755948647
                                                    Encrypted:false
                                                    SSDEEP:192:R6l7wVeJpdUl6x6YNZSU9SGogmfZsGprw89bKDb9sfPoDjm:R6lXJg6x6YzSU9cgmfOe0b2fS6
                                                    MD5:50C476FD85CD320C653EC207FF1CAFF0
                                                    SHA1:E0583D2E17E5D0EC680EBEF759ADB76F1CFE8FA8
                                                    SHA-256:A71631FECF875B7991A1E18F5EADD5C0C892857D47A25BDD9F45B006FCF95271
                                                    SHA-512:7800D387689965F4DDD91A94E7244C6247193906C75F2B8867C539F567A7D2CB76F08B740981BA137FA667C5F73202BDB828362888E1E41CDA08AB1992EC8D5A
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.1.0.4.<./.P.i.
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):4755
                                                    Entropy (8bit):4.463533287191648
                                                    Encrypted:false
                                                    SSDEEP:48:cvIwWl8zsOrJg77aI9eZWpW8VY4Ym8M4JXi3Fl+q8vaiwVaeV/8d:uIjfeI7Ao7V0JIK0tV/8d
                                                    MD5:A2DBAF4A2F2FEAEFDFB54DFF2F613F2D
                                                    SHA1:D890AD70BFE12A1C64277976BE99134DA295634B
                                                    SHA-256:BFD4CFC56D0D60E65C30DA3C5F27292DFEB77996CCB024E79A9DACC7AC89778D
                                                    SHA-512:8718951873A1E816894BC8674290EEE7BA691793D90C57BAF4F9265591103EC6407CA74621158935680109D5A1BE5C6ECF0412541CD626283E3B7EA03C5DBDF2
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="674115" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:MS Windows registry file, NT/2000 or above
                                                    Category:dropped
                                                    Size (bytes):1835008
                                                    Entropy (8bit):4.416753887732901
                                                    Encrypted:false
                                                    SSDEEP:6144:Rcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNB5+:ui58oSWIZBk2MM6AFBbo
                                                    MD5:19CAAF41D0F1CE55AABDCE2933735FB6
                                                    SHA1:9DCD419F4A01B49D1765A52F8401F8B131C68E7E
                                                    SHA-256:AB3901B8916578728636CEAF91599195587F6C753FC845A38C24E75ECF6E8F1F
                                                    SHA-512:2C7ACA40C922B9597B6EEB9EF542DC469BC4A311C53D52F85C58D11C389430983BC4358395A7C73F29DA628234A610699E46E74F6E08550F0723A8BDA8B15F4C
                                                    Malicious:false
                                                    Reputation:low
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.911562142988739
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:ReanProject.exe
                                                    File size:1'593'856 bytes
                                                    MD5:40a341513f036e4d5a356f70db6afb15
                                                    SHA1:2bde15455a425f52fa221577c22db34f217a69a5
                                                    SHA256:6858bca15eed33e61fdc4be3f87a0dfe63ccab54a659de551fcb5df52af060f4
                                                    SHA512:2610c45c2683f4773238a99e674aba88d64a45ba3f6bb97a13fc763d13d778519727bcf6087d552d40ad80de2e7cdf23379970fc3ee90bb969fe3c9a0216aa3e
                                                    SSDEEP:49152:CzS8CQJK7u2Bg76XDnjmj+e8PgnaADNAr:0SxQJK7XG6L8+e8PIaADNAr
                                                    TLSH:337512A8D7A40E27E1AA53B844770252F7B11312999AF74BFDD620F16421F9EE5003EF
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5............."...0..H...........g... ........@.. ....................................`................................
                                                    Icon Hash:00928e8e8686b000
                                                    Entrypoint:0x58672e
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0xC2C59935 [Wed Jul 19 22:41:57 2073 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1866dc | 0x4f | .text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x188000 | 0x56e | .rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x18a000 | 0xc | .reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                    .text | 0x2000 | 0x184734 | 0x184800 | 16da32139df8f0bc62075ad52ce165af | False | 0.9301525297619048 | data | 7.91471800797033 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rsrc | 0x188000 | 0x56e | 0x600 | a24c424d9394c472e75ea9b5bb5a35ee | False | 0.4095052083333333 | data | 3.998760083873733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc | 0x18a000 | 0xc | 0x200 | de13cd2fe2daff399d0027eff05c9df5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                    RT_VERSION | 0x1880a0 | 0x2e4 | data | | | 0.4418918918918919
                                                    RT_MANIFEST | 0x188384 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

                                                    DLL | Import
                                                    mscoree.dll | _CorExeMain

                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Jan 13, 2025 13:13:05.491065025 CET | 55901 | 53 | 192.168.2.7 | 1.1.1.1
                                                    Jan 13, 2025 13:13:05.509824038 CET | 53 | 55901 | 1.1.1.1 | 192.168.2.7
                                                    Jan 13, 2025 13:13:33.603760958 CET | 53 | 55141 | 162.159.36.2 | 192.168.2.7
                                                    Jan 13, 2025 13:13:34.081356049 CET | 57691 | 53 | 192.168.2.7 | 1.1.1.1
                                                    Jan 13, 2025 13:13:34.090750933 CET | 53 | 57691 | 1.1.1.1 | 192.168.2.7

                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                    Jan 13, 2025 13:13:05.491065025 CET | 192.168.2.7 | 1.1.1.1 | 0xc433 | Standard query (0) | antiloxss.usite.pro | A (IP address) | IN (0x0001) | false
                                                    Jan 13, 2025 13:13:34.081356049 CET | 192.168.2.7 | 1.1.1.1 | 0x6eb3 | Standard query (0) | 171.39.242.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false

                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                    Jan 13, 2025 13:13:05.509824038 CET | 1.1.1.1 | 192.168.2.7 | 0xc433 | No error (0) | antiloxss.usite.pro | | 193.109.246.100 | A (IP address) | IN (0x0001) | false
                                                    Jan 13, 2025 13:13:34.090750933 CET | 1.1.1.1 | 192.168.2.7 | 0x6eb3 | Name error (3) | 171.39.242.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false

                                                    • antiloxss.usite.pro

                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    0 | 192.168.2.7 | 49701 | 193.109.246.100 | 443 | 2104 | C:\Users\user\Desktop\ReanProject.exe

                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-13 12:13:06 UTC | 123 | OUT | GET /STLprograms/NEW/kitty_mapper/ReanProject/z-Closing.txt HTTP/1.1
                                                    Host: antiloxss.usite.pro
                                                    Connection: Keep-Alive
                                                    2025-01-13 12:13:07 UTC | 165 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Mon, 13 Jan 2025 12:13:04 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    2025-01-13 12:13:07 UTC | 4104 | IN | Data Ascii: 1000<!DOCTYPE html><html><head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>HTTP 404 Resource not found</title><style type="text/css">body {margin: 0; padding: 0; background: #fff; font: 12px/22px 'Verdana';
                                                    2025-01-13 12:13:07 UTC | 3185 | IN | Data Ascii: c6a f = function () { n.parentNode.insertBefore(s, n); }; s.type = "text/javascript"; s.async = true; s.src = (d.location.protocol == "https:" ? "https:" : "http:") + "//mc.yandex.ru/metrika/watch.js"; if (w.opera == "[object Opera]") {
                                                    2025-01-13 12:13:07 UTC | 5 | IN | Data Ascii: 0


                                                    Target ID:0
                                                    Start time:07:13:02
                                                    Start date:13/01/2025
                                                    Path:C:\Users\user\Desktop\ReanProject.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\ReanProject.exe"
                                                    Imagebase:0xbc0000
                                                    File size:1'593'856 bytes
                                                    MD5 hash:40A341513F036E4D5A356F70DB6AFB15
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.1766438654.00000000061A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1245418469.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1763191544.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:11
                                                    Start time:07:13:06
                                                    Start date:13/01/2025
                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 2484
                                                    Imagebase:0xa0000
                                                    File size:483'680 bytes
                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true


                                                      Execution Graph

                                                      Execution Coverage:8.9%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:7.5%
                                                      Total number of Nodes:40
                                                      Total number of Limit Nodes:4

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hq$Hq$Hq$Hq$Hq$dx
                                                      • API String ID: 0-1559470966
                                                      • Opcode ID: fa7a4fcfb6f99b417150980e20b7087f56cc9529677f9d0c7d45c963a493e7fc
                                                      • Instruction ID: cc1b189c9d3aea74435a64603b44326aa5f5fcd9e6ba6a8f0eaaa9260e8f8f0e
                                                      • Opcode Fuzzy Hash: fa7a4fcfb6f99b417150980e20b7087f56cc9529677f9d0c7d45c963a493e7fc
                                                      • Instruction Fuzzy Hash: 3A328D30E042188FDB58DFA8C8907AEBBF6BF88340F548469D44AEB395DB349D45CB95
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: dx
                                                      • API String ID: 0-1288820366
                                                      • Opcode ID: 842f99e15efc92bec262fced1c53eca0e9fe88e6b751e5d0c65638fd8dd756b1
                                                      • Instruction ID: 8fd7b8adfce42720a7bcd839c89f6c2a29958f29c4a7f72e1492b9ca751b0cb1
                                                      • Opcode Fuzzy Hash: 842f99e15efc92bec262fced1c53eca0e9fe88e6b751e5d0c65638fd8dd756b1
                                                      • Instruction Fuzzy Hash: 52C18A70E052189FCB18CFA9C880799FBB6BF88300F15C5AAD449EB255EB34D985CF91
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: dx
                                                      • API String ID: 0-1288820366
                                                      • Opcode ID: a9c20720901ed62f317f17b69d8666ba9728b7bb2a935c6b0e65b0a15d288ef8
                                                      • Instruction ID: 5f6f2b586c3bf39bc5dfcb66c8aa6dacd537699247a7797b8cd8158e84533765
                                                      • Opcode Fuzzy Hash: a9c20720901ed62f317f17b69d8666ba9728b7bb2a935c6b0e65b0a15d288ef8
                                                      • Instruction Fuzzy Hash: C0C17A70E052189FCB18CFA9C880799FBB6BF88340F15C5AAD449EB255DB34D985CF91
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: de992c118107e5937fceba2736754ad8422e4a3bd0962b373e935090d0393624
                                                      • Instruction ID: 6843915eb44b1af7ae81442c02cb4dadf769f91e0f1f67bf13d826214ae96cfb
                                                      • Opcode Fuzzy Hash: de992c118107e5937fceba2736754ad8422e4a3bd0962b373e935090d0393624
                                                      • Instruction Fuzzy Hash: 3151A2B4E04248DFCB14DFE5D8989EDBBB6FF89311F20902AE406AB258DB345941CF85

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (q$(q$(q
                                                      • API String ID: 0-2103260149
                                                      • Opcode ID: 453e47e2fef4cf15e29034a5f2063154b1314ec7c09d475048f2d03997ed7c26
                                                      • Instruction ID: f9ec98e4e54569a215382298e94482e8d530f9c6c64ec4d3efe17fed91c82c61
                                                      • Opcode Fuzzy Hash: 453e47e2fef4cf15e29034a5f2063154b1314ec7c09d475048f2d03997ed7c26
                                                      • Instruction Fuzzy Hash: 0CB11230A043099FCB55EFB4D8106AEBFF6EF85210F04816AD50A9B395DB349D0ACBE1

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (q$Hq$Hq
                                                      • API String ID: 0-3730031680
                                                      • Opcode ID: 3e42f4c0305b5d42cb1e9817481b970038526b2fa97ec8550f974e0a9e9e6b3d
                                                      • Instruction ID: 5240baa80b2d331c9377692d046471e117990cdf9124ecf64ea68c4607ac7c01
                                                      • Opcode Fuzzy Hash: 3e42f4c0305b5d42cb1e9817481b970038526b2fa97ec8550f974e0a9e9e6b3d
                                                      • Instruction Fuzzy Hash: 2B71C030B003158FDB68ABB8C85466F7BF6EBC8210B54896DE446DB395DE349C06C7E9

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #$(q$Hq
                                                      • API String ID: 0-2215681256
                                                      • Opcode ID: fe77ac3e699fb00d272ec3fae01549b1b547787675d938020eb536dd87501d32
                                                      • Instruction ID: d5249f9f5cdb2cdadbe0ea2dd318b73c2ee05f46eb20fce4d9414dca65914b40
                                                      • Opcode Fuzzy Hash: fe77ac3e699fb00d272ec3fae01549b1b547787675d938020eb536dd87501d32
                                                      • Instruction Fuzzy Hash: 16214721B043144FD709EB79982026EBBB2EFC5200B19849EC406DF3A2EF258D07C3E6

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hq$Hq
                                                      • API String ID: 0-925789375
                                                      • Opcode ID: ffa5c09e797238b605d8b08ed92d008cc740fee8f9a184f70fdd081f62289a8e
                                                      • Instruction ID: d826c28b009480d474c8bf1846f6d3ee6b260f95182e3f5364f634ede4ebb0d1
                                                      • Opcode Fuzzy Hash: ffa5c09e797238b605d8b08ed92d008cc740fee8f9a184f70fdd081f62289a8e
                                                      • Instruction Fuzzy Hash: B9818070E003188FDB14DFA9C8546AEBBF2FF89310F54856AE405EB394DB349946CBA1

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (q$(q
                                                      • API String ID: 0-2485164810
                                                      • Opcode ID: 460ca767a7d0af642ec38073e30dc45aab36ca8b51bbbc789bb707d756ba8b17
                                                      • Instruction ID: 75a402c7e70b5988cf22db6fc35e123fbfa9d566035bde96baf1bd03a77cfdae
                                                      • Opcode Fuzzy Hash: 460ca767a7d0af642ec38073e30dc45aab36ca8b51bbbc789bb707d756ba8b17
                                                      • Instruction Fuzzy Hash: 77713671E002199FDF54CFA9D880AEEBBF1FF88310F54812AE919A7390D7349915CBA5

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hq$Hq
                                                      • API String ID: 0-925789375
                                                      • Opcode ID: a7e2c7a84725f0f828afb69b8a2022ea70f1efd8a39308ba0cacda8f3bd93568
                                                      • Instruction ID: 03a340477347f9c7945bdb3a9771ab36d2519dbbef313023223c7b5b1cd354e5
                                                      • Opcode Fuzzy Hash: a7e2c7a84725f0f828afb69b8a2022ea70f1efd8a39308ba0cacda8f3bd93568
                                                      • Instruction Fuzzy Hash: 89517C71E003188FDB14DFA9D8546AEBBF6EF89210F54842ED446E7381DB389906CBE5

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (q$Hq
                                                      • API String ID: 0-1154169777
                                                      • Opcode ID: 7d13432c62805b8f9c3f4762c0fe0fdc3af004cc027ed71ebb0c2721c376bd2e
                                                      • Instruction ID: 1f261c95b5045ea463be4a1d671232da8243c4875f2c3cfb73e8f7540715c7a9
                                                      • Opcode Fuzzy Hash: 7d13432c62805b8f9c3f4762c0fe0fdc3af004cc027ed71ebb0c2721c376bd2e
                                                      • Instruction Fuzzy Hash: C841C130B002059FDB595BA5986463F7EFBEFC8250B58846DD54AE7794CE348C06C3E8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Teq$Teq
                                                      • API String ID: 0-2938103587
                                                      • Opcode ID: 690cad46b6492513da822f12db5de9dfae4ef6129479bbb06faae26fd6626742
                                                      • Instruction ID: 4c8b507990d02ebd2f78529c8524ede6ed9f62996b9eec0a7f01b9c33c96bdf8
                                                      • Opcode Fuzzy Hash: 690cad46b6492513da822f12db5de9dfae4ef6129479bbb06faae26fd6626742
                                                      • Instruction Fuzzy Hash: 43119130B002159FCF949B69D918ADEB7EAAF88610F14006AE506E73A5CF759C06C7E1
                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 02F08991
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762442353.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2f00000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 888665f97aa7e8671051a6b1de93cae28b7a75224ef529e33edd64268996442b
                                                      • Instruction ID: 1db56b64fd3514504b33b1084bc9db65d8882672d9c10160e6373848ea69d131
                                                      • Opcode Fuzzy Hash: 888665f97aa7e8671051a6b1de93cae28b7a75224ef529e33edd64268996442b
                                                      • Instruction Fuzzy Hash: EF41F171C0071DCBDB24DFAAC884B9DBBF1BF48354F20816AD509AB250DB756946CF90
                                                      APIs
                                                      • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0A81A7C7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: CreateFromIconResource
                                                      • String ID:
                                                      • API String ID: 3668623891-0
                                                      • Opcode ID: d0a677fc8c63e365c4ed1ff3652cd607336deba1497409ad1473dd92bba99577
                                                      • Instruction ID: 693f8cefe19212b15e897af308f432515fa5fb1ec3b1dbb4937c9a52293de674
                                                      • Opcode Fuzzy Hash: d0a677fc8c63e365c4ed1ff3652cd607336deba1497409ad1473dd92bba99577
                                                      • Instruction Fuzzy Hash: 8C31A1718053899FCB12CFA9C840ADEBFF8EF09310F1484AAE954E7262C3359954CFA1
                                                      APIs
                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 0A81E4D7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: FromMonitorPoint
                                                      • String ID:
                                                      • API String ID: 1566494148-0
                                                      • Opcode ID: 14b73e54168e251c41b642eaffc9019a616d4d0528f2098404873c93d4d2147f
                                                      • Instruction ID: c51f2e30738deadc5a87da2bed873eb5757954324f1434d67d8ebf3c06a0cda8
                                                      • Opcode Fuzzy Hash: 14b73e54168e251c41b642eaffc9019a616d4d0528f2098404873c93d4d2147f
                                                      • Instruction Fuzzy Hash: 0921BB709043498FCB109FA5C455BEEFFF5FB49320F14809AE895AB380CA35A944CFA1
                                                      APIs
                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0909AA4F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768404344.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9090000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: DrawText
                                                      • String ID:
                                                      • API String ID: 2175133113-0
                                                      • Opcode ID: 1b0706c3e49eeb1ba7a92220fb82515bb0143678f3fefe5cf2e68ca9b6404788
                                                      • Instruction ID: 84b02669d15570765dc1117b1f7fdbf59588d92b3cb7cccccca0e0b4884c7c9e
                                                      • Opcode Fuzzy Hash: 1b0706c3e49eeb1ba7a92220fb82515bb0143678f3fefe5cf2e68ca9b6404788
                                                      • Instruction Fuzzy Hash: 6C31DFB5D102499FDB10CF9AD884AEEBBF5AB48320F14842AE819A7210D775A945CFA4
                                                      APIs
                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0909AA4F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768404344.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9090000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: DrawText
                                                      • String ID:
                                                      • API String ID: 2175133113-0
                                                      • Opcode ID: 7f609327eb5852dc01b22a4b733cd8f927d6790dc46f6b2994d566bcd9dbeba2
                                                      • Instruction ID: 66b0df9db64db283e80d6e846f7d1d4f2c6edd8e6ede5a512d30a7b8722f4270
                                                      • Opcode Fuzzy Hash: 7f609327eb5852dc01b22a4b733cd8f927d6790dc46f6b2994d566bcd9dbeba2
                                                      • Instruction Fuzzy Hash: 7721DFB5D103099FDB10CF9AD984AAEFBF5FB48320F14842AE919A7210D775A945CFA0
                                                      APIs
                                                      • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0A81A7C7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: CreateFromIconResource
                                                      • String ID:
                                                      • API String ID: 3668623891-0
                                                      • Opcode ID: 52eee5f427fb64f90b66d8c65a84a7e3b7c3b4dad46d94c322a82dea7901d157
                                                      • Instruction ID: 7709af7e2e617b1ec4cdfb5cfc404aa7cc6b6d83dcec630c15fcb530dca95098
                                                      • Opcode Fuzzy Hash: 52eee5f427fb64f90b66d8c65a84a7e3b7c3b4dad46d94c322a82dea7901d157
                                                      • Instruction Fuzzy Hash: 8B1149B58003499FDB10CF9AC884BDEBFF8EB48320F14841AE555A3250C339A954DFA5
                                                      APIs
                                                      • SetTimer.USER32(?,0553AF30,?,?), ref: 0A8158FD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: Timer
                                                      • String ID:
                                                      • API String ID: 2870079774-0
                                                      • Opcode ID: b67dd7e1b4814748b16973ff1c7fa8321877812546739310030a31fc51450fcc
                                                      • Instruction ID: 81ff15d8dc351bd5d7e52a27b52cc3e65513e8efbc3b7dd4609879bb9837f59d
                                                      • Opcode Fuzzy Hash: b67dd7e1b4814748b16973ff1c7fa8321877812546739310030a31fc51450fcc
                                                      • Instruction Fuzzy Hash: A51113B5804348DFDB20DF8AD885BEEBBF8EB48324F10841AD515A7240D375A944CFA5
                                                      APIs
                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 02F0FD46
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762442353.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2f00000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 07974159168713d6f8f282a413c9459897dd86d88ebd0b2c944130cb342022d1
                                                      • Instruction ID: 574829b350af18c95bd429325cf78c75e241f8ad71f1a834b319c7b533ce6419
                                                      • Opcode Fuzzy Hash: 07974159168713d6f8f282a413c9459897dd86d88ebd0b2c944130cb342022d1
                                                      • Instruction Fuzzy Hash: 371102B5C003498FDB20DF9AC444A9EFBF4AF88314F10851AD519A7650C775A545CFA1
                                                      APIs
                                                      • SetTimer.USER32(?,0553AF30,?,?), ref: 0A8158FD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID: Timer
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7299b215f6e42d39f9b0a3a16805f087a25451f38f589f5fcfef41951c017f1
                                                      • Instruction ID: fb1f4f9c17b8dc011e0f29c991c89755e184ea77c673a5a86d495245c93f1375
                                                      • Opcode Fuzzy Hash: b7299b215f6e42d39f9b0a3a16805f087a25451f38f589f5fcfef41951c017f1
                                                      • Instruction Fuzzy Hash: 3E415F35E02218AFDB44DFA8E984BEEBBB2EF85300F144469E50577390DB706D45CB91
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 78ba54a09747ea2c7145f9d15cfb438bc2afa2713a1eebeee757cfdb8c244532
                                                      • Instruction ID: f6dacfeb04bd5e8ac0c9eacc7b6423634f7dfc2b4c2569f5a710aa99ec8f3ac1
                                                      • Opcode Fuzzy Hash: 78ba54a09747ea2c7145f9d15cfb438bc2afa2713a1eebeee757cfdb8c244532
                                                      • Instruction Fuzzy Hash: A431AE71A087569FC755AF19E48956FBFE4EBC4200F40A859E8F1822C4E7319839CBD2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7a0ca0b7518a81a12762320a9f536045071962c1e547ef6fdd5e3f755ee470d8
                                                      • Instruction ID: 91d6b458041a7a58bfcfedd277f7ff0dd206c6f2d52e9f3910785ccdd2aa911d
                                                      • Opcode Fuzzy Hash: 7a0ca0b7518a81a12762320a9f536045071962c1e547ef6fdd5e3f755ee470d8
                                                      • Instruction Fuzzy Hash: AD41C2B0E057558FDB20DFAAD80479EBBF5EB85310F04892AD41AD7390DB389845CBA5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e08b45d83ca54593aeb2f5e06bfc733f96edb23d10549cc72c5b56e310047e8f
                                                      • Instruction ID: 8387bf08ed8a977e3a60b0a5ef38cabac9b659f4225f50180d7d3642e665f744
                                                      • Opcode Fuzzy Hash: e08b45d83ca54593aeb2f5e06bfc733f96edb23d10549cc72c5b56e310047e8f
                                                      • Instruction Fuzzy Hash: 4041E974A002288FDB64DFA8D948BDD7BF5BB8C311F110254E905AB3E1DB759D05CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 049e1af80a776a9b5ed9b25cac94555a25484b95bae29b7c8062dedf8ec375ef
                                                      • Instruction ID: 952db07b668155b7c2f2df2194b41868a9cd815eea46fc5135a2a487d57175e4
                                                      • Opcode Fuzzy Hash: 049e1af80a776a9b5ed9b25cac94555a25484b95bae29b7c8062dedf8ec375ef
                                                      • Instruction Fuzzy Hash: F341E2B1D00319DBDB24CFA9C984ACEBBF5BF48304F64802AD408AB255D7756A4ACF90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 80a2ed7be7f7314fbec5c731e5e4e5bba0023fd94f7661da781920cdbf86e036
                                                      • Instruction ID: 045bfc21eba5ed44118378aef0f50ae304d9e27ab3998caacc3f20be3229a055
                                                      • Opcode Fuzzy Hash: 80a2ed7be7f7314fbec5c731e5e4e5bba0023fd94f7661da781920cdbf86e036
                                                      • Instruction Fuzzy Hash: A931C131A00629CBCB40DF68E8910BFBBB6FF45711B18846BE818DB291E735C845CBE1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c15bcb73183d0e1b408bb36f7563c300dbdd9bc7bc5c6f487d9a6dde057e80f
                                                      • Instruction ID: d0a7a35dc17ab5437df118e479105a7e469802dcf76ebcd2f59dcd98b8738f26
                                                      • Opcode Fuzzy Hash: 0c15bcb73183d0e1b408bb36f7563c300dbdd9bc7bc5c6f487d9a6dde057e80f
                                                      • Instruction Fuzzy Hash: 3931F3307002149FEB18AB78D854B6E7AEBEBCC711F24407DE406A7795CE799C4287E0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 986a70f336752f7493b03cd664656e4887426cebbb82d14be7f9dbd4b0d0d6d1
                                                      • Instruction ID: 4d37a99664dd340e6bc7124ea2a138055dc912861662876071493aa4782fc393
                                                      • Opcode Fuzzy Hash: 986a70f336752f7493b03cd664656e4887426cebbb82d14be7f9dbd4b0d0d6d1
                                                      • Instruction Fuzzy Hash: 6041C2B1D00359CBDB24DFA9C984ACDBBF5BF48304F64802AD408AB255D7756A4ACF90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67f104ad9fce599de0fa733092088132025b6267ce0e615ad5534223362dc89b
                                                      • Instruction ID: 169bf4f8014ebfedf5fb8b7757d3438bd2fa1032dca8253b3550277d4edaf5db
                                                      • Opcode Fuzzy Hash: 67f104ad9fce599de0fa733092088132025b6267ce0e615ad5534223362dc89b
                                                      • Instruction Fuzzy Hash: 4031C471D013188FDB68AF7584107EE7AA2EF84324F104839D402AB2C1DF3A8945CBE5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f7c159b3fe73eb9bf00c5489cc0dd952edc385ab6a4a14a7eaebaa05b790fc2
                                                      • Instruction ID: 62e487228f0bbc853501b57925952238de581f21741aa5b67d564d4c40c41dcc
                                                      • Opcode Fuzzy Hash: 8f7c159b3fe73eb9bf00c5489cc0dd952edc385ab6a4a14a7eaebaa05b790fc2
                                                      • Instruction Fuzzy Hash: 2941CFB1D10358DFDB14CF9AC885ADEFBB5BF88310F60812AE419AB254DB75A845CF90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5bb5fb1f6a3a7e4a7b06d0bba71ba0c53292bc4252901762d25beb712a8b6792
                                                      • Instruction ID: d4c3a66886fd691f852722bad718408cf9bba779c1e9230f9a48cd612ade16e2
                                                      • Opcode Fuzzy Hash: 5bb5fb1f6a3a7e4a7b06d0bba71ba0c53292bc4252901762d25beb712a8b6792
                                                      • Instruction Fuzzy Hash: 1D31C0316042019FC721DF78D85499BBBF6AF85210B5988AED546DB351DF31E80A8BE1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 046e68d239520a15e944a7dc68dae7f8972492f65fbfcf737688d10c1f777fa8
                                                      • Instruction ID: 9171b6c7777bf177f33a787881d4e6c6e870806759fa1db78df7cee2653c7cac
                                                      • Opcode Fuzzy Hash: 046e68d239520a15e944a7dc68dae7f8972492f65fbfcf737688d10c1f777fa8
                                                      • Instruction Fuzzy Hash: 0631B130B002159FEB18AB68C81876E7AE7EBCC711F24807DE406D7395CE799C0297E0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cacd8792b1c668a3b94eb900ea973d62192f1107615d903fc45c5ad72e310eb0
                                                      • Instruction ID: eaae39667ee3f5205bb70164167ac9011c96dc4941b093c65591267cbddb4ab2
                                                      • Opcode Fuzzy Hash: cacd8792b1c668a3b94eb900ea973d62192f1107615d903fc45c5ad72e310eb0
                                                      • Instruction Fuzzy Hash: F4213B323043945FCF634B64AD107BE7FA69B86200F08409BF55ACB2D2C635D89AC3B1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 849584670dcf422aacb0ea3b6a9837e32cdfd9c926988bf0181c4c918ab8eb9e
                                                      • Instruction ID: df79d514354bf3290403243b9fc478897914d6f811c6475da93dde52f99d2da0
                                                      • Opcode Fuzzy Hash: 849584670dcf422aacb0ea3b6a9837e32cdfd9c926988bf0181c4c918ab8eb9e
                                                      • Instruction Fuzzy Hash: EB31F478E002099FDB44DFA9D944AAEBBF2FF89300F10946AE414B7354DB34A945CFA5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 425de43bcbb20a20b9722024c1ab1c41d0e19c086bfb0a592ccb7d218b68a535
                                                      • Instruction ID: c795562940c847712703b9bbc76c21b001fdad928370984167a819746925e08d
                                                      • Opcode Fuzzy Hash: 425de43bcbb20a20b9722024c1ab1c41d0e19c086bfb0a592ccb7d218b68a535
                                                      • Instruction Fuzzy Hash: 7A31B47190939A8FCB41CF64DC901AF7FB5EF46200B0984A7E854DB292E7349D09C7B2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 79817bf91399c692b38780ec5bbd934ce81260a57a5a8c3f264cdb41daf1d848
                                                      • Instruction ID: 469a4ead4d3c8d1a04503940d56a72424162b444dd8c7b07c1a5265b5908e0ec
                                                      • Opcode Fuzzy Hash: 79817bf91399c692b38780ec5bbd934ce81260a57a5a8c3f264cdb41daf1d848
                                                      • Instruction Fuzzy Hash: A6218135A102089BCF159FA4D854AEEBBFAEB8C300F048155F912A3391CB315C00CFA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 68be7b353bb625111c73882a329a3f2a4ec1714360c8cced28f58b573312fcff
                                                      • Instruction ID: 685ae4f29c9b4938205a646380728b97a8315fddf4708a7317bb1931b5f8266a
                                                      • Opcode Fuzzy Hash: 68be7b353bb625111c73882a329a3f2a4ec1714360c8cced28f58b573312fcff
                                                      • Instruction Fuzzy Hash: B631CEB9900219AFCB50CF99D884ADEBBF5FF48310F10842AE919A7350D775A915CFA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 79c3d24b3df6581665958eae4f7c9aeb4887c70704c550d70447cefafe68648b
                                                      • Instruction ID: 6320a820cc45c4f0e0ac41ea6d24975cf1fccc980cebd218208ceaf799d132a1
                                                      • Opcode Fuzzy Hash: 79c3d24b3df6581665958eae4f7c9aeb4887c70704c550d70447cefafe68648b
                                                      • Instruction Fuzzy Hash: 2A31E2B5D002089FCB50CF99D884ADEBBF5EB48310F10852AE929A7350D775A955CFA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a4c5240db28348c253c7f42f82771ac14682f48e1d43eb62d7b83ca9cf06c52
                                                      • Instruction ID: a63a443999159f7d1a8ea1051f6814e88594cd64bf9a4cc814aed7312be34396
                                                      • Opcode Fuzzy Hash: 9a4c5240db28348c253c7f42f82771ac14682f48e1d43eb62d7b83ca9cf06c52
                                                      • Instruction Fuzzy Hash: 0A31F478E002099FDB44DFA9D944AAEBBF6FF88300F109469E510B7354DB34A940CFA5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762111644.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_161d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d10e2a57c0e16528fbde5904548c524a9fbbb2b9e1a181d152492f45bda6815f
                                                      • Instruction ID: 59ea616525b05c76bf89a907db711c979bb5701211383aff4d6a691ce9522eb5
                                                      • Opcode Fuzzy Hash: d10e2a57c0e16528fbde5904548c524a9fbbb2b9e1a181d152492f45bda6815f
                                                      • Instruction Fuzzy Hash: E5210875504280DFDF05DF54DDC8B26BBA6FB88314F28C569E9090B35AC336D416CBA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762111644.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_161d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 77fb686b97099e1ceab6854e5d60c4feadd49c988a72d7903ad9cc98ef6c54e8
                                                      • Instruction ID: 2f72067153c1c68ff588ec36a08d34cd738e4df6327cf8bec41e62c7f71cdee3
                                                      • Opcode Fuzzy Hash: 77fb686b97099e1ceab6854e5d60c4feadd49c988a72d7903ad9cc98ef6c54e8
                                                      • Instruction Fuzzy Hash: 8F2103B1504240DFDB15DF54DDC8B26BF66FB88328F28C169E8090B35AC336D456CAA2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 33f342e05813ae746004e5b99c7d63f4d498344bda38d0dcd7ae58d91f5c4e29
                                                      • Instruction ID: 14a7d57ce2354e2c3d1674ad0fc08ff1411f460d8bfc8d86d6433570d4d50371
                                                      • Opcode Fuzzy Hash: 33f342e05813ae746004e5b99c7d63f4d498344bda38d0dcd7ae58d91f5c4e29
                                                      • Instruction Fuzzy Hash: 99219D71608756AFC745AF19E88955FBFE4EF80210F40A859E4E1922C9E6319835CBE2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762150379.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 804d33e0eba1b38e41d74aa3b7bcffc8f9910f8b5945d59ccb405b2305b28640
                                                      • Instruction ID: 080097e783a9a8ee2ce1a0c5be558217300ef7d1337240eb69069ccef23626ce
                                                      • Opcode Fuzzy Hash: 804d33e0eba1b38e41d74aa3b7bcffc8f9910f8b5945d59ccb405b2305b28640
                                                      • Instruction Fuzzy Hash: 3C212271604604AFEB05DF94DDC8B26BBA1FB84315F30C5ADE8494BB82C336D846CE62
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762150379.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f6f3e3af17e57584d4b5114fea819724bd99fc8de39e52a2dd5a5c778531b18
                                                      • Instruction ID: d2e18d0f8e3c1d8783ee4ae7aa19d369c6913b6e46d5c511d32d75a6310d371a
                                                      • Opcode Fuzzy Hash: 8f6f3e3af17e57584d4b5114fea819724bd99fc8de39e52a2dd5a5c778531b18
                                                      • Instruction Fuzzy Hash: 5E212271604640DFDB05DF94D9C0B26BB65FB85324F20C5ADD80A4B386C336D846CE62
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762150379.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6234d2d36e2119fb0647163cd55b0f9da191d44c65506dc5233cc29b1afdef09
                                                      • Instruction ID: 43487fa2e5ae3b904f66497732fd6b099ddbbe6c6fc78a60ba987b8787d801b8
                                                      • Opcode Fuzzy Hash: 6234d2d36e2119fb0647163cd55b0f9da191d44c65506dc5233cc29b1afdef09
                                                      • Instruction Fuzzy Hash: 94212271604740DFDB15DF54D9C4B16BB61EB84314F20C56DD84A0B3A6C33AD847CE62
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767206699.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: true
                                                      • Associated: 00000000.00000002.1767047389.0000000006340000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6340000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d978fc431d945a595037d23ec452ff923d7c70ddb094aeb23b30cad498b8b1d9
                                                      • Instruction ID: fbccb8776e8c67c0e56012d0d69c479e61d47cfce789182a15cf524e44231fee
                                                      • Opcode Fuzzy Hash: d978fc431d945a595037d23ec452ff923d7c70ddb094aeb23b30cad498b8b1d9
                                                      • Instruction Fuzzy Hash: D0215B35B106149FCB649E19D4C0AAAB3AAFF88720F11542AE60787B50CF71E845CBA5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 47cbcdc3ca31d930547edc9bf58d80b8f17100a2e34c67645ec7eb6256fbe986
                                                      • Instruction ID: 5c2b76079aa9d7851db870eda6cbba20fd509825a9ea08f4ce7d65ff11106555
                                                      • Opcode Fuzzy Hash: 47cbcdc3ca31d930547edc9bf58d80b8f17100a2e34c67645ec7eb6256fbe986
                                                      • Instruction Fuzzy Hash: E831EEB5D002099FDB10CF9AD884AEEBBF5FB48310F10842EE919A3350D375A905CFA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 238987e4b5b760f320251aa44fa0d6115de7ee6a0931f73e7b96539de99d495b
                                                      • Instruction ID: 94f755f006827c35d239f714122c0579cbd8bea32b962a3ae0504670fef121c3
                                                      • Opcode Fuzzy Hash: 238987e4b5b760f320251aa44fa0d6115de7ee6a0931f73e7b96539de99d495b
                                                      • Instruction Fuzzy Hash: 3411A132B145310B4FA6E679A58097E77F78BC41A5314486AE14ACBAC4FE29D847D3F0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b4f1686760620b01546a10b975ad5b0225b68d16f2acf52596813045d5284fd
                                                      • Instruction ID: 5c9105784c7a5b257483ab4bc5c425b13169871945944b22df3d932232db115d
                                                      • Opcode Fuzzy Hash: 4b4f1686760620b01546a10b975ad5b0225b68d16f2acf52596813045d5284fd
                                                      • Instruction Fuzzy Hash: 0511C83270071147E7619A6DEC8476AB6E7EFC4311F18887EE11ACB6E9CA74984987F0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f1438d6bb61bd749dfa0ddaf2a3c6882a6d960aaaf3cdfea99e6b6c9459ebc0
                                                      • Instruction ID: 14f1170a864e29bc46b9f002d86f515925e1a05952b2b33008ac03dbe599cb27
                                                      • Opcode Fuzzy Hash: 2f1438d6bb61bd749dfa0ddaf2a3c6882a6d960aaaf3cdfea99e6b6c9459ebc0
                                                      • Instruction Fuzzy Hash: 3911D671B112199FCB906FA4D9055AF7F7AEBC4300F21482AE45563289E7758930CBF2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 101402403989f8da9ea831fc7bbffee99e636e44382e761df4531857a0ffcb27
                                                      • Instruction ID: f89f16bfecd971a59637c299a0e7ea64c7183c795dfaf6bd62f0009f4d08f6ac
                                                      • Opcode Fuzzy Hash: 101402403989f8da9ea831fc7bbffee99e636e44382e761df4531857a0ffcb27
                                                      • Instruction Fuzzy Hash: 682174B59003188FCB60DFA9D840BDABFF8EB48310F10845AE558E7251C734A949CFA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30a4d1caa109d948fb7e75fa5846397193a0ab6c09dbebd4b391c0d82aca64d8
                                                      • Instruction ID: 59210d5cfbe430e971d2ec3d69113f78b6620b34fd0e2acc593390151543df96
                                                      • Opcode Fuzzy Hash: 30a4d1caa109d948fb7e75fa5846397193a0ab6c09dbebd4b391c0d82aca64d8
                                                      • Instruction Fuzzy Hash: 6611C435E103599FCF028BA4CC508DABF76EF9A300B454166E201AB151EB35A955CBB1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762150379.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a852bc7d3ae5367d2ce321a86bda4d08638511b0522aff2721459ad5d0b3cbbd
                                                      • Instruction ID: be58964b369ea0086f9b24e425932220fcc7513d57051473d66a18b38d37b833
                                                      • Opcode Fuzzy Hash: a852bc7d3ae5367d2ce321a86bda4d08638511b0522aff2721459ad5d0b3cbbd
                                                      • Instruction Fuzzy Hash: 4D2192755087809FCB02CF64D994B11BF71EF46314F28C5DAD8498F2A7C33A9816CB62
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767206699.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: true
                                                      • Associated: 00000000.00000002.1767047389.0000000006340000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6340000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3b59f3ce71374bcaaeaf1f6977b134390a32bb45e3bb6bf9967390224d61a24
                                                      • Instruction ID: ab84857f9f23c8d981514db7875f2abae2420c0402c159109b7df55e64621678
                                                      • Opcode Fuzzy Hash: a3b59f3ce71374bcaaeaf1f6977b134390a32bb45e3bb6bf9967390224d61a24
                                                      • Instruction Fuzzy Hash: 6D21EF71E1020A9FCB44DFADC8849AFFBF9FF98310B10855AE515E7211EB70A956CB90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ecd9775da900d8aa1002c78b681e8fa3906a2d0c16ae2a3b120ab0dcd9a5c9b
                                                      • Instruction ID: 4ec4af63f77a84d7b723f813c8f0141f7a464b5eb6ed008aba6754b9b87f405c
                                                      • Opcode Fuzzy Hash: 3ecd9775da900d8aa1002c78b681e8fa3906a2d0c16ae2a3b120ab0dcd9a5c9b
                                                      • Instruction Fuzzy Hash: 2611C274D582989FDB56DB68DC94EDE7FF5AF49200F144096E481F7392C23498058B71
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f4fb50c009216704dd0b001d6b00a76ddb9c9102bd0d7943019859a5d276dde4
                                                      • Instruction ID: 26e79e7b306e2fbe75c376bc266217373ddcf877ff2bb15781c49bd8c25ff14a
                                                      • Opcode Fuzzy Hash: f4fb50c009216704dd0b001d6b00a76ddb9c9102bd0d7943019859a5d276dde4
                                                      • Instruction Fuzzy Hash: DF11C471B11229DBCF907FA4D8046AF7FBAEBC4300F200829E45563289E7318930CBE2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0360918588bb519153790f61ef1425d4a9837fcdca2e585242e92cf7da1c000f
                                                      • Instruction ID: 1f39e4f58f62634243f8a2ebe1ca5558d0802f167e374feeed9dff7c834bf479
                                                      • Opcode Fuzzy Hash: 0360918588bb519153790f61ef1425d4a9837fcdca2e585242e92cf7da1c000f
                                                      • Instruction Fuzzy Hash: 8621F4B5D013199FDB10DF9AD884A9EFBF4FB48310F50842EE919A7241C375A905CFA5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762111644.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_161d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5ce60a6613beba357b00576ac525f5d38281a445edcd2f7d64ba7977a5eeb665
                                                      • Instruction ID: 1898f2b0c8c774e81ae4f84c557ef791b5a6950f08fee5bb98e401a1507c0e42
                                                      • Opcode Fuzzy Hash: 5ce60a6613beba357b00576ac525f5d38281a445edcd2f7d64ba7977a5eeb665
                                                      • Instruction Fuzzy Hash: AF219076504280DFDB06CF54D9C4B16BF72FB88314F2886A9D9490B25AC33AD456CB91
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762111644.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_161d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                      • Instruction ID: 5871f7027b4f5ce35fe3dfcdafeb9655e17fe4fb8214adbda6db3aceebefb93e
                                                      • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                      • Instruction Fuzzy Hash: 5611AF76504280CFCB16CF54D9C4B16BF72FB84324F28C5A9D8494B65AC336D456CBA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e5208f4cbb9071b8c8a59047068abe1331b49ddeb68918e3e487766900595e6c
                                                      • Instruction ID: f7742e8e56e963c582559f3e0fbfc6f62c5fd716710808afd61bb8845420afad
                                                      • Opcode Fuzzy Hash: e5208f4cbb9071b8c8a59047068abe1331b49ddeb68918e3e487766900595e6c
                                                      • Instruction Fuzzy Hash: 822114B5D003099FDB60DF9AD884BDEFBF8EB48320F10841AE919A7241D375A945CFA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0913247402247dd074138b5d7390de0e7ed65a80f26b520fce2e2e54cd55b235
                                                      • Instruction ID: efc204472b95751946cf916bbfa8dd358f8e86f1c47ea1b6458cb3858bfda0da
                                                      • Opcode Fuzzy Hash: 0913247402247dd074138b5d7390de0e7ed65a80f26b520fce2e2e54cd55b235
                                                      • Instruction Fuzzy Hash: 742106B5D003499FCB10CF9AD884ADEFBF8EB48320F108419E959A7250C375A545CFA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 51687ed4b2ffc335bc698e2c8def616458e7d76568ccd3ac9b60914f00f91ca9
                                                      • Instruction ID: 8a8d7750b0b1ab1e16df28c19be192edffb591551437a2e8715d0256f2657d07
                                                      • Opcode Fuzzy Hash: 51687ed4b2ffc335bc698e2c8def616458e7d76568ccd3ac9b60914f00f91ca9
                                                      • Instruction Fuzzy Hash: A41148303403114BE751A728D81079B7AC6AF80355F00856DD1968F2C2CEFA59465BE1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d040a8c0161f82287135638a5307595eba6a2443ca082f043353cc425a2b40e7
                                                      • Instruction ID: 3409ffa721c870aa77b70fc6e559b8fd203f833091bd093a9db71ab5b7ecd380
                                                      • Opcode Fuzzy Hash: d040a8c0161f82287135638a5307595eba6a2443ca082f043353cc425a2b40e7
                                                      • Instruction Fuzzy Hash: B4115B34A00618DFCB40DFA4D884AAFBBFAFF8C310F10855AE959A7314D730A805CBA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e2cc54a991dfe35f03ee144aa6f23f87511e022b9e9acd6e6c97c72f8a1e1f2a
                                                      • Instruction ID: aaae548e67e7c52bdbd40917cfcb64f1c67747aa741c888ca2103efb6485f662
                                                      • Opcode Fuzzy Hash: e2cc54a991dfe35f03ee144aa6f23f87511e022b9e9acd6e6c97c72f8a1e1f2a
                                                      • Instruction Fuzzy Hash: C7116A75A00605DFCB50DFA4D884AAFBBF6FF88300F04859AE99997315D730A915CBA2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762150379.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                      • Instruction ID: 14f98c836b61e69b39b0a4afaa372c43881bd791778066eb835f60aef1ea2e54
                                                      • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                      • Instruction Fuzzy Hash: BB11BB75504680CFCB06CF58D9C4B15BBA2FB85324F24C6AAD8494B796C33AD80ACF61
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762150379.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_162d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                      • Instruction ID: f8294777dd5b112088eeb20f214d0fdf6e90b02d091b2c5de04e79f1dec312dd
                                                      • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                      • Instruction Fuzzy Hash: C311BB75504684CFDB06CF54C9C8B15BBA2FB84324F24C6A9DC494BB92C33AD44ACF62
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e7a4db307261a6a49b8c1c0e4b85fc86e6c1b06d27eb9ab38537005ddefc517b
                                                      • Instruction ID: 1d0c736b980cec62c7cd258dc6c444e611471f1f604f0e2155fc0e1c7a7c21a7
                                                      • Opcode Fuzzy Hash: e7a4db307261a6a49b8c1c0e4b85fc86e6c1b06d27eb9ab38537005ddefc517b
                                                      • Instruction Fuzzy Hash: E81123B5C006088FDB20DFAAC845BCEFBF9EB89320F10841AD859A3340D774A505CFA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1212975f78b02d24d179ec58d9444a5fe4bd474190dc36da48200ea43b8a7fe
                                                      • Instruction ID: 7b3f27500e9849e24d7b84c13d66e282c75bb21931ccb2fe4ddd98db4b2e3718
                                                      • Opcode Fuzzy Hash: c1212975f78b02d24d179ec58d9444a5fe4bd474190dc36da48200ea43b8a7fe
                                                      • Instruction Fuzzy Hash: C91122303403118BE754A768D85079A7ACAAF80715F10862DD19A8F3C2CEFA6D4A5BE2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767206699.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: true
                                                      • Associated: 00000000.00000002.1767047389.0000000006340000.00000004.08000000.00040000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6340000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762111644.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_161d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1762111644.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_161d000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b6fec9f48b5e86439a992a0b7a1fe5422a938b8e266c24ec30cc03f2737a9686
                                                      • Instruction ID: 9bc74d72b4f536ab5a61f614658ce85457e5ef5e3619985328be116c9de5bea4
                                                      • Opcode Fuzzy Hash: b6fec9f48b5e86439a992a0b7a1fe5422a938b8e266c24ec30cc03f2737a9686
                                                      • Instruction Fuzzy Hash: 1DE02B363003542FC311026C5C11B9A7BDE9BC6561F1940F6F505DB382DC51DC0783E2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1979dcc7fd8b146a0eaf9f0ed27f7fe51063c81d138f6cfc5ac6835377f0c438
                                                      • Instruction ID: de2415cfc82d752cca699dfdad3d83366d58191630a5fef9dadfb8382975292b
                                                      • Opcode Fuzzy Hash: 1979dcc7fd8b146a0eaf9f0ed27f7fe51063c81d138f6cfc5ac6835377f0c438
                                                      • Instruction Fuzzy Hash: DFF0BE3181E3848FD346EB7498A16983FB0AF03200B0901EBC081DB0B3E6245D5EC7A2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e199d2e3cb04c6075fce2790922b35de89f7d0fa7c72e118dca75a1ff4b45ae4
                                                      • Instruction ID: 4dae85c02b79eaa22095ee290ec4e50af72c8e91a9539ef5723ad78741946a44
                                                      • Opcode Fuzzy Hash: e199d2e3cb04c6075fce2790922b35de89f7d0fa7c72e118dca75a1ff4b45ae4
                                                      • Instruction Fuzzy Hash: ECF08C367600508FC754CB2CC848D9677E9AF8962030640EAF109DB373DA71DC01CB60
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3937ee1b06099f0d669e67b1c45066041d32f99dc4875be18c03daa4896d61d9
                                                      • Instruction ID: bdd959340f5fc0ee00f0323ac2c99f397550785f2b5ad8829746b47192964975
                                                      • Opcode Fuzzy Hash: 3937ee1b06099f0d669e67b1c45066041d32f99dc4875be18c03daa4896d61d9
                                                      • Instruction Fuzzy Hash: CDF0F46540D3C49FC753CBA8C865A497FF09E07220B2A01DBD5D4CB6B3D229594AD762
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6638c9ab1e723a111af9024e6102aa2aba508be853c5cc61be69cea021668145
                                                      • Instruction ID: 06e6ebe81ff7acd837df5bf733d4c8252799cd2629735a3662008a12fe6f39f5
                                                      • Opcode Fuzzy Hash: 6638c9ab1e723a111af9024e6102aa2aba508be853c5cc61be69cea021668145
                                                      • Instruction Fuzzy Hash: 68F09A3480A381DFC70ACF68D9A45983FB0AF03204B2940EBD844DB2A3C338AD1DCB52
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bea44272c1a73f4ef22f50f5836d737811d6f321c591af6e1cb4ee4505dbc6fd
                                                      • Instruction ID: ee1aab9ed9b9e21cf140fc3a90ba1013afbd532b08a87c631e663062528efcd2
                                                      • Opcode Fuzzy Hash: bea44272c1a73f4ef22f50f5836d737811d6f321c591af6e1cb4ee4505dbc6fd
                                                      • Instruction Fuzzy Hash: ECF0F871A147548FAF68CF18D8829997BE5FB04258724196AE42ACF302E766EC038B94
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4589f9631293bdce6225868b459da29d425cd5295999f99570fc3af86f055e51
                                                      • Instruction ID: ae8df0962535da644872b7e3f6eca3fea136e0efa4755e1c77299335309acfe6
                                                      • Opcode Fuzzy Hash: 4589f9631293bdce6225868b459da29d425cd5295999f99570fc3af86f055e51
                                                      • Instruction Fuzzy Hash: E5F0A7323047905FD7274214AC14F9A7F9ACBD6711F0941AEF645CB592C5A56D05C3A2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a04f4c787a56d06ab9827545a77dd6ae7ac698891b316248a123f92ce257ce8a
                                                      • Instruction ID: 6c5300d871bb3648750c90c8ec2027990e586b7063a57dbcd891bbd5472e02c9
                                                      • Opcode Fuzzy Hash: a04f4c787a56d06ab9827545a77dd6ae7ac698891b316248a123f92ce257ce8a
                                                      • Instruction Fuzzy Hash: DEF0F935849384AFC7068B74D9649487F70AF07220B1A80DBE484AB6A2C3355959DB51
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: db29c6ffc534cb51394176012f3f51cfdeba140393dd486239cbd5829cdd2178
                                                      • Instruction ID: 3d0e456e07a543b29ff3a5edcff8d0a39f5dabb591452d3cd82eff8e99bf510d
                                                      • Opcode Fuzzy Hash: db29c6ffc534cb51394176012f3f51cfdeba140393dd486239cbd5829cdd2178
                                                      • Instruction Fuzzy Hash: 81F03A70A01219CFEB58AFB5D8147AE7AB2AF94329F144439C102AA2C0DFB94845CFE5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f246045483ff936894fb08e885f313ae307d24e66ef53a5fc3eedca9cdf8bc8c
                                                      • Instruction ID: 1cad845385e3d95c36eb8dff77c8cc8219d3bd57401d4a7adcbe681a9f52bccf
                                                      • Opcode Fuzzy Hash: f246045483ff936894fb08e885f313ae307d24e66ef53a5fc3eedca9cdf8bc8c
                                                      • Instruction Fuzzy Hash: 66E0D171D04311AF56B4D955EC40D67B7EDEB4C2213004E1DE44AC7681D531F809C7F0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 85c9f9f4122e644888783a7ce7cc2c4ac5784bd38a71e6b68230bf42916b378d
                                                      • Instruction ID: 5b709a845ab24896b932c49d2e7580d8ef15de1994501c3f39e5f26ac476853f
                                                      • Opcode Fuzzy Hash: 85c9f9f4122e644888783a7ce7cc2c4ac5784bd38a71e6b68230bf42916b378d
                                                      • Instruction Fuzzy Hash: C6F0A0357112169FD715EF28D440D9A37AAEF8535031045B9E2048B224CB769C02CBE0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 021601f5db6b74fe5fbf645df8c835f8d7d9acb4890d73cfe7279869f5310125
                                                      • Instruction ID: 53d8c5a64e2d7c3c8acad18e181015a33aa5a9fe7e270e8d7fe3c3e1b2124ca5
                                                      • Opcode Fuzzy Hash: 021601f5db6b74fe5fbf645df8c835f8d7d9acb4890d73cfe7279869f5310125
                                                      • Instruction Fuzzy Hash: ACE0D8727452288FC79B6B389A1065D3BA24F4911130100EBD00ECF3B2D932CC4387D1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d9ef48d365d25bd38d7507f3fc404e9123072e7c923a13bf16a4192fa5271fe8
                                                      • Instruction ID: a235b70761469fa3a4009f2d699cc4b0d5f5277d5acd27ea39ec91833e5d364e
                                                      • Opcode Fuzzy Hash: d9ef48d365d25bd38d7507f3fc404e9123072e7c923a13bf16a4192fa5271fe8
                                                      • Instruction Fuzzy Hash: ACF0583091A384DFC706DB74C89496A7FB0AF07221B1942DBD444DB6F2C2349A4CDB52
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 703312a1cfae188a02b10102ffabcafac1612ea15cacf9a6c2aecfc558031d6a
                                                      • Instruction ID: 96fd3f711cb4bed40097aba2a3dc50901733610ca5182318381a329332d66a0c
                                                      • Opcode Fuzzy Hash: 703312a1cfae188a02b10102ffabcafac1612ea15cacf9a6c2aecfc558031d6a
                                                      • Instruction Fuzzy Hash: 52F08C7091E3D59FC717CBA498605AD7F74AF4B205B0500DBE484CB2A2D2354E48EB61
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d01632c6b535b61e31936a529516d64e589600abd6ea04067311e1e547480ba
                                                      • Instruction ID: fb42448ae35a73538bb71489bec508ba4d3cca56614c87befda81d58b3b2af24
                                                      • Opcode Fuzzy Hash: 8d01632c6b535b61e31936a529516d64e589600abd6ea04067311e1e547480ba
                                                      • Instruction Fuzzy Hash: 74E068316043604FCF658B58D8424D83FE2EB0231431A08AFE041DF702E721EC0B87C6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6d0cc86c0ce4eec9182458f099648bf1f91c9c9e3f5f6b0568322a7e47e9cd7e
                                                      • Instruction ID: 30cc4711332006855fa8b78a5c4165c267ae784c1fa3cef66ac230f178b6252d
                                                      • Opcode Fuzzy Hash: 6d0cc86c0ce4eec9182458f099648bf1f91c9c9e3f5f6b0568322a7e47e9cd7e
                                                      • Instruction Fuzzy Hash: C7E0D8307106205FEA445619ED40B3BA3AAEBC4A14F1040AEE707CB2E0EE10DC0446D0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                      • Instruction ID: 90ee9fd6fe7d2fbcf1def99188bb599137bd4f878f5d8b43ddd6013d791f8f49
                                                      • Opcode Fuzzy Hash: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                      • Instruction Fuzzy Hash: 62E0C2357604148FC754DA2ED848D65B7E9EF89A2131640AAE209CB372DA61EC01CB90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c5c0b0d8ba5933bf31bb644342e26daad6ec61794e077d5d01cfc70f5f58a0b3
                                                      • Instruction ID: 8c7397551663fd4492c5f6ab0326d4fe17f3ac8022be0bc9fb55e19906d2a342
                                                      • Opcode Fuzzy Hash: c5c0b0d8ba5933bf31bb644342e26daad6ec61794e077d5d01cfc70f5f58a0b3
                                                      • Instruction Fuzzy Hash: 7AE0D833145254AEEB929654EC00BC43F62DB55314F14C196F1448F0A6C2AB58478396
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 030d03d1b8f761fbdabb2b9a00ddc1e708261ae30d3ad289d5f44db245f39e3e
                                                      • Instruction ID: 3db41600bab057b033e25b11b8c426e4e526192a0ed10ccfab597dea868dd259
                                                      • Opcode Fuzzy Hash: 030d03d1b8f761fbdabb2b9a00ddc1e708261ae30d3ad289d5f44db245f39e3e
                                                      • Instruction Fuzzy Hash: BFE06D71516209DFDB403FA8E94565ABFB0FF00310F1408A9FDC122189D7B19139DBA7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 244b2d6e8ceb58e4229d9f5edd85e6d2c14a77e7e16a5f2d9f2fe846f104ca25
                                                      • Instruction ID: 8ce7a78f52525d645908ba57eb33d3ea7d03470638ec67726bb97e259784c323
                                                      • Opcode Fuzzy Hash: 244b2d6e8ceb58e4229d9f5edd85e6d2c14a77e7e16a5f2d9f2fe846f104ca25
                                                      • Instruction Fuzzy Hash: 9FF0A07090524AEFCB42EFB4E40069CBFB6EF86200B1485EAC845E7605C63A2E16DB15
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c073ba7aa26a6274dd7970ce838e79507461cd01f22d8d41a2c0f7adff90cc3
                                                      • Instruction ID: 3077e31c3aff25af11d727fe93ab247d78dbbc6c152b8f727debdfbff6651ae5
                                                      • Opcode Fuzzy Hash: 9c073ba7aa26a6274dd7970ce838e79507461cd01f22d8d41a2c0f7adff90cc3
                                                      • Instruction Fuzzy Hash: 47E0723248A348AEC7823AB81C02A997F391B02200F0800A3F8C0160A2C6304238C3B7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b4fe3d18399882ebb77d7230fb6df6edb0628f95908efeb4d37b2cf112e6429
                                                      • Instruction ID: e2ed2e3ed118e265eeb5651b72c05b4ef71ff6efd6aba3a56af0506a66d8b523
                                                      • Opcode Fuzzy Hash: 4b4fe3d18399882ebb77d7230fb6df6edb0628f95908efeb4d37b2cf112e6429
                                                      • Instruction Fuzzy Hash: 41E0CD3570021027C710515D9C15B6E77DEDBCAA65F188069F609DB381DD52EC0243E5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dc541928a7402c8f7310dc88c18e1423174c07669bbb2123c2a8de0c97694d43
                                                      • Instruction ID: 115a7bf2e6789b971295487da9b9a01b578acab240b06c71d2e93d6dd302639b
                                                      • Opcode Fuzzy Hash: dc541928a7402c8f7310dc88c18e1423174c07669bbb2123c2a8de0c97694d43
                                                      • Instruction Fuzzy Hash: A9E0867151A108DFEB403FACA98566E7F74EB00310F044CA5F9C12518CD670D038DAEB
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 18cb0f3a00e05b7f354221f3df1832344ee5640116a2062e28a91492b2cf4167
                                                      • Instruction ID: 657a6b0cd81f55f791f77a26df241fa7441aa15b90085f4293e8b33368c5209c
                                                      • Opcode Fuzzy Hash: 18cb0f3a00e05b7f354221f3df1832344ee5640116a2062e28a91492b2cf4167
                                                      • Instruction Fuzzy Hash: CEE026729183128FCA22BB28AC002C76B628B4022170483A2A064DB5D7C668994BC3E1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d775fc88c57967808fcf7eb581f35a6dc040414c8876f3c0c75ebf0e6dde00df
                                                      • Instruction ID: 162c0926c6f286271a9cda04d342e650bbc908fe03547263cd04681bdec8b03b
                                                      • Opcode Fuzzy Hash: d775fc88c57967808fcf7eb581f35a6dc040414c8876f3c0c75ebf0e6dde00df
                                                      • Instruction Fuzzy Hash: 26E07D7124D3943FD34A32791C002997F9E0F83144B8984DBD0C44B247C416985783E6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9ba0f21e35094790fc81d7980d01dc89bb4c9e807198f7158696be17ca8a8cf2
                                                      • Instruction ID: 1a8a5d1976976faa4c30cd74e5972fd963ec033f53b3860e82990ec731afb748
                                                      • Opcode Fuzzy Hash: 9ba0f21e35094790fc81d7980d01dc89bb4c9e807198f7158696be17ca8a8cf2
                                                      • Instruction Fuzzy Hash: E0F01575D04208AFCB11DBA4E8488DDBBB9EB44300F1082EAE809E3241EA315B54CF91
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3add3a5c661d6cafac3194a3431183053b3458bbdf0c0a42d0dd90a4b1bf772a
                                                      • Instruction ID: f697b5ea3b3efa9622f0a2cf6784e1e4969c69f7faed5edcd33be221eb6e4d77
                                                      • Opcode Fuzzy Hash: 3add3a5c661d6cafac3194a3431183053b3458bbdf0c0a42d0dd90a4b1bf772a
                                                      • Instruction Fuzzy Hash: 3FE086323003146BD715964AEC00F9EBBDEDBD8711F044139F709DB691CAE6790183D5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c7465a0e4b904ade29d0cc24a14f1d46a6c0926bd06de533c010e48a688568a6
                                                      • Instruction ID: 73301e82d7501c2b686c51f8ccfd97d4c303c85bd648c65f7f8a4fcd77eefdfe
                                                      • Opcode Fuzzy Hash: c7465a0e4b904ade29d0cc24a14f1d46a6c0926bd06de533c010e48a688568a6
                                                      • Instruction Fuzzy Hash: 79E04F71D5022DDADF559BC1E9147EDBBB0FB4825BF200412E121B1980C7710554CBF0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c39b4a0cdc4d34b25759432d4c80f649fb90dbda1436d927409b29e79823a0d6
                                                      • Instruction ID: e9ef4685fb586e3164fdbebd3cbec307d6b3804e885d79cb698c76746f2a7173
                                                      • Opcode Fuzzy Hash: c39b4a0cdc4d34b25759432d4c80f649fb90dbda1436d927409b29e79823a0d6
                                                      • Instruction Fuzzy Hash: 26E07232280328BBE750AA88DC00FCABF49EB88311F10C951F2081E081C2B3A80783D6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75cc49a9079dd3d4ec4826e325e54df00445d7b094a53dc23598d26454be94e6
                                                      • Instruction ID: fec9c3e3af51686451eb620be8654a4fc5a907ce9cfe8bdb3a4dcf2a5ca5e68e
                                                      • Opcode Fuzzy Hash: 75cc49a9079dd3d4ec4826e325e54df00445d7b094a53dc23598d26454be94e6
                                                      • Instruction Fuzzy Hash: 87E02B323443281BD30D275CA450BEA7ACE9FC9341F44C07BE50A8B3C1CDB59C0106E5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d615c9d2fd1f37ccbd5c13cd20f372542bddba9d5e27c90c390873f65590a21e
                                                      • Instruction ID: aefc44c735fb7f3c8b8dc275625d2159f690b8b67f899a7219ab6906c20c93b3
                                                      • Opcode Fuzzy Hash: d615c9d2fd1f37ccbd5c13cd20f372542bddba9d5e27c90c390873f65590a21e
                                                      • Instruction Fuzzy Hash: 69E012357442249FD7997B78D954A2E7BD99F8921231108BAA407CB361DD22DC0287D5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 56b27a9e2a6bf03927e7eadfa9b6a28b7922cbb39074c5644ad8019f31ec4e30
                                                      • Instruction ID: a0e8fdaa0e841ecfe106236e1db334199a02908628b59aec448de54433b1aba1
                                                      • Opcode Fuzzy Hash: 56b27a9e2a6bf03927e7eadfa9b6a28b7922cbb39074c5644ad8019f31ec4e30
                                                      • Instruction Fuzzy Hash: F1E0C274C11208EBC380EBA0D8017AABBBCEB02600F201459D20813180DB716905CAE9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9617955432c252ca84e9a9328d96be3843f957e42ad88cfdd7b7412a4e0c8b56
                                                      • Instruction ID: a249be50b073f28ab2ebf1706e9c287cf2a862c354f10fff28a06a8eb6565ae2
                                                      • Opcode Fuzzy Hash: 9617955432c252ca84e9a9328d96be3843f957e42ad88cfdd7b7412a4e0c8b56
                                                      • Instruction Fuzzy Hash: 11E04F35844305CFC721AF64F448B893BAAEB81309F40C5B9E5045F1A6DB7DAC5ACBE1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be7fc9b493e43333b3a8074f30e6955839e2375ad4e09923a3b9306c4088bf80
                                                      • Instruction ID: 29a443c422aff6a2fb1909ee43e0c09ed02f5877106e60b3989e08837a3a56d8
                                                      • Opcode Fuzzy Hash: be7fc9b493e43333b3a8074f30e6955839e2375ad4e09923a3b9306c4088bf80
                                                      • Instruction Fuzzy Hash: 46E0867090020DEFCB40EFA5E80055CBFBAFB84310B1085B9D805A7700DA363F10DB55
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75645527f6280790378b3f9ee61f84606a38be0218200a7dd9529881c0d70fd8
                                                      • Instruction ID: 544c7af66919a99283f0c5cd2f4597c22eeff445ee3c0f55238e769d2502efa4
                                                      • Opcode Fuzzy Hash: 75645527f6280790378b3f9ee61f84606a38be0218200a7dd9529881c0d70fd8
                                                      • Instruction Fuzzy Hash: 42E04F38900208FFCB44DFA8D44495DBBB4FF09321F108095E90527360C731AE98EB94
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 65b250cf6c42481a947ea00b6475f78808beacd49d0055d23caa10bbcb5d46eb
                                                      • Instruction ID: 6fba79563f400a856f47d479d03c873669ffd7727cbea21b702807b7bf8f4db6
                                                      • Opcode Fuzzy Hash: 65b250cf6c42481a947ea00b6475f78808beacd49d0055d23caa10bbcb5d46eb
                                                      • Instruction Fuzzy Hash: DBD0A731559208FAEB803EE95845A2D7F64AB00300F006852F995260C08A70913CD6F7
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8c7fd31f461e81f0ea028ee977b8643e0e8f373b212573343fb4e70d0318ab63
                                                      • Instruction ID: dee23b4d7a6b7b12aaebb1133f748f6f83c3124f29b028565a7d1a145a175416
                                                      • Opcode Fuzzy Hash: 8c7fd31f461e81f0ea028ee977b8643e0e8f373b212573343fb4e70d0318ab63
                                                      • Instruction Fuzzy Hash: DAE01D78D04208EBC704DF94D545A5DBBB5FF45314F1081A9DC0563741C7316D55DB95
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4fab7a58d24d442aa822e3a09538ee22234f12d54ce69a4c44677d9e119768cf
                                                      • Instruction ID: 71cd9a74800ddf1f9896dddf4b0182f955ef5e647e22a7f652b39d5e09b46163
                                                      • Opcode Fuzzy Hash: 4fab7a58d24d442aa822e3a09538ee22234f12d54ce69a4c44677d9e119768cf
                                                      • Instruction Fuzzy Hash: 4AE0B678D10208EFC744DFA8D58565DBFF4AF09201F6000A9D90997360E630AE48DB91
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7ac0bebb1d07aeda147b1cd25e3f746ab263d1f42bbe3dba4ab24f9334d98404
                                                      • Instruction ID: 6d6287aa587670597c737795ccb0887601f53623ddf799f72e689baaae9f22b6
                                                      • Opcode Fuzzy Hash: 7ac0bebb1d07aeda147b1cd25e3f746ab263d1f42bbe3dba4ab24f9334d98404
                                                      • Instruction Fuzzy Hash: 26D05E357401244BC7095648A61079A76CA4FC8351F0A806FE50AAB391D9B04C0106D0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75dd2a32b59d8fbc75ae28b5c264455bccba97853d454c13314db4df6ee69846
                                                      • Instruction ID: f86452f51cb0ae68e3fbef3cdf300175327f4b36d4e94f2078ae550c8096f835
                                                      • Opcode Fuzzy Hash: 75dd2a32b59d8fbc75ae28b5c264455bccba97853d454c13314db4df6ee69846
                                                      • Instruction Fuzzy Hash: 0BD0A930C1220CABC384EAA4980266EB77CAB02200F10249A860823280CA716D08D2E8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f5d01a553e25e58c7bf2696d5fe476f974e9d3c929719be503a666070f1e880
                                                      • Instruction ID: eeeb76ccb0b22f092f31f09f57528465c563573df922ec2db6cea48fa5a7846a
                                                      • Opcode Fuzzy Hash: 6f5d01a553e25e58c7bf2696d5fe476f974e9d3c929719be503a666070f1e880
                                                      • Instruction Fuzzy Hash: 1FE01234D10208EFC744DFA8D445A5DBBB4FF49311F5041D9D90957360C7306D48DB95
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 96a7b2cc4ba435e1bc402072c5a09ed489c943238df0b52bd4175ae92537e0ea
                                                      • Instruction ID: cd7fb31978d78b22fbcfbc082425a820f181c24f13a444ad9eebd74d8e257205
                                                      • Opcode Fuzzy Hash: 96a7b2cc4ba435e1bc402072c5a09ed489c943238df0b52bd4175ae92537e0ea
                                                      • Instruction Fuzzy Hash: 9BE08C34D04218AFC704DFA8D44556CBBB8AF06201F1000D9E80817360C6306E48EB94
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ebe4f651e2af17d593ea471cfcdc0389d35b017c9f46720fad089b7c7ca26d4d
                                                      • Instruction ID: b53adfac274f3ffa8f9dad402ec4df7e7d15abe46d115fb46c5ec465658d9445
                                                      • Opcode Fuzzy Hash: ebe4f651e2af17d593ea471cfcdc0389d35b017c9f46720fad089b7c7ca26d4d
                                                      • Instruction Fuzzy Hash: A1E0EC34900208EFC704DFA8D54595DBBB4AF45301F104199D90957360D731AD48DB95
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e2d714db8e32c0894ca24c2a1c3403f9e1fde13a0911e108a5311a6552ebf564
                                                      • Instruction ID: 57bad0e50a44a808f8b2435e01c4e11abf8abd008a49ea1a84bf61f007de1fe7
                                                      • Opcode Fuzzy Hash: e2d714db8e32c0894ca24c2a1c3403f9e1fde13a0911e108a5311a6552ebf564
                                                      • Instruction Fuzzy Hash: DCD01231811208AAC744FBA8D84169DBB78EF42300F40415AD50523150EB706A98D7E5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0100c0a4a489cd2066d22dfe7f7247525245212de440bf3686bd93d24766969c
                                                      • Instruction ID: 4a82dbbc2d994454277a6c2a3e684609d1502f8aef4470ff1a76a1a54ecedc88
                                                      • Opcode Fuzzy Hash: 0100c0a4a489cd2066d22dfe7f7247525245212de440bf3686bd93d24766969c
                                                      • Instruction Fuzzy Hash: 36D0A71270B2910BD35227A86D143BA6FB5CF9221470D02EFD29EC77E3CD154C05C7A1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1766995856.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: true
                                                      • Associated: 00000000.00000002.1766963780.0000000006310000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6310000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 822d4d6536fe1529751a9043421155cf5fbb4847ed96916f0d7f58a1235e4330
                                                      • Instruction ID: 526b269308d1d67d6758959edbe652ec0a3a43364d0ac0afbe4de5ee88cec624
                                                      • Opcode Fuzzy Hash: 822d4d6536fe1529751a9043421155cf5fbb4847ed96916f0d7f58a1235e4330
                                                      • Instruction Fuzzy Hash: ACD05E74C0520CEBC704EFA8D58169EBBB9BB41305F6041A9C90527740DB316E88EB95
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c34df5ea9143c3ef548cb2aa88195d1071abcaa0d8badd235e13f39c94399a1b
                                                      • Instruction ID: c46fc1c9b7278c2168d29cef53cccf680923090f44dd940313aa405c4fcb02b8
                                                      • Opcode Fuzzy Hash: c34df5ea9143c3ef548cb2aa88195d1071abcaa0d8badd235e13f39c94399a1b
                                                      • Instruction Fuzzy Hash: E8D022313003342BC7092274280032D7B894BC6210F1440AEE4480B382C923DC4243C4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767326771.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_63e0000_ReanProject.jbxd
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1768783172.000000000A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A810000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_a810000_ReanProject.jbxd
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1767047389.0000000006340000.00000004.08000000.00040000.00000000.sdmp, Offset: 06340000, based on PE: true
                                                      • Associated: 00000000.00000002.1767206699.00000000063B0000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6340000_ReanProject.jbxd